8171 matches found
free-business-forms.com Cross Site Scripting vulnerability OBB-1283458
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
forms-world.com Cross Site Scripting vulnerability OBB-1283131
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
VulnCheck KEV: CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the updateoption lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
Contact Form - Form builder by Kali Forms < 2.1.2 - Authenticated Plugin's Settings Change
The kaliformsupdateoptionajax AJAX action lacks capability and proper CSRF checks, allowing low privilege authenticated users to change or delete the plugin's settings...
Contact Form - Form builder by Kali Forms < 2.1.2 - Unauthenticated Arbitrary Post Deletion
The plugin registers the kaliformsformdeleteuploadedfile AJAX action to call the "deletefile" function, and makes it accessible to all users, authenticated or not...
Contact Form - Form builder by Kali Forms < 2.1.2 - Multiple CSRF Bypass Issues
Throughout the plugin’s code, security nonces can be bypassed because they are only checked if they are set...
svelte-forms-lib (>=1.1.1 <=1.3.2) potentially affected by CVE-2020-7707 via property-expr (=2.0.2)
property-expr NPM version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on property-expr and may be impacted: svelte-forms-lib >=1.1.1, <=1.3.2. Source CVEs: CVE-2020-7707. Source advisory: SNYK:JS-PROPERTYEXPR-598800...
Umbraco Forms Code Issue Vulnerability
Umbraco Forms is a form builder. A security vulnerability exists in all versions of Umbraco Forms. An attacker can exploit the vulnerability to upload arbitrary types of files...
DRUPAL-CONTRIB-2020-029
The Modal form module is a toolset for quick start of using forms in modal windows. Any form is available for view and submit when the modalform module is installed. The only requirement is to know the form's fully-qualified class name...
Nextcloud: Formula Injection vulnerability in CSV export feature
Dear Nextcloud Team – I have identified a formula injection vulnerability in the CSV export feature of the Forms App. I am aware that the Forms app is not part of this bug bounty program but was advised to disclose it via HackerOne anyway. Description. When an Excel-/Calc- formula is sent as...
CVE-2020-15118
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...
Cross site scripting
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...
PYSEC-2020-154
In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.as_p, any HTML tags used within a form field's help text will be...
Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Mailster is a newsletter plugin for WordPress. It allows users to create, send and track newsletter campaigns. Compass Security identified a stored Cross-Site Scripting (XSS) vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...
Best security, compliance, and privacy practices for the rapid deployment of publicly facing Microsoft Power Apps intake forms
With the dawn of the COVID-19 pandemic, state and federal agencies around the globe were looking at ways to modernize data intake for social services recipients. The government of a country of about 40 million citizens reached out to Microsoft and asked us to assist in this endeavor. Going...
CVE-2020-13426
The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in the forms it presents, allowing the possibility of deleting records (users) when an ID is known...
CVE-2020-12803
ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need f...