Sprout Forms Code Injection Vulnerability
Sprout Forms is a form builder plugin. A code injection vulnerability exists in Sprout Forms versions prior to 3.9.0. An attacker can exploit this vulnerability to execute Twig code...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
Template injection
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056 Potential Code Injection in Sprout Forms
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2020-11056
In Sprout Forms below version 3.9.0, there is a Server-Side Template Injection vulnerability when using custom fields in Notification Emails that can lead to execution of Twig code. Root cause: unsafely interpolating user-controlled fields in email templates, enabling Twig execution. Impact descr...
aimmo (>=0.57.1 <=1.3.1b671), cfl-common (>=4.3.0 <=5.26.7) +100 more potentially affected by CVE-2020-11037 via wagtail (>=1.0.0 <=2.6.3)
wagtail PYPI version =1.0.0, =0.57.1, =4.3.0, =2.28.0, =0.5.0, =0.3.1, =0.1.29, =0.2.0, =2.0.3, =0.1.1, =0.2.9, =5.22.3, =0.0.1, =10.1.21 and more Source cves: CVE-2020-11037 Source advisory: OSV:GHSA-JJJR-3JCW-F8V6...
Webform - Critical - Remote Code Execution - SA-CONTRIB-2020-011
This module enables you to build forms and surveys in Drupal. The module doesn't sufficiently filter webform element properties (attributes) under the scenario of editing a webform. A malicious user could craft such an attribute (#element_validate, for example) that would invoke execution of undesired PH...
WordPress Ninja Forms Plugin < 3.4.24.2 CSRF Vulnerability
The WordPress plugin Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...
WordPress Cross-Site Request Forgery Vulnerability (CNVD-2020-27083)
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. ninja-forms is a contact form creation plugin used with it. A security vulnerability exists in WordPress ninja-forms versions prior ...
CVE-2020-12462
The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS...
CVE-2020-12462
CVE-2020-12462 affects the WordPress Ninja Forms plugin prior to 3.4.24.2. Multiple sources (Red Hat, CVE/NVD, WPVulnDB) describe a CSRF bug that can yield a stored XSS condition via the plugin’s import/contact features. Root cause: CSRF vulnerability exploited to inject arbitrary JavaScript. Imp...
Ninja Forms < 3.4.24.2 - CSRF to Stored XSS
Ramuel Gall of Wordfence discovered a Cross-Site Request Forgery (CSRF) plugin vulnerability within the Ninja Forms WordPress plugin. By exploiting the CSRF vulnerability, an attacker could inject arbitrary malicious JavaScript via the import contact feature. This vulnerability was reportedly fixed ...
CVE-2020-10907
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Description of 2007 Microsoft Office servers Service Pack 2 and of 2007 Microsoft Office servers Language Pack Service Pack 2
Describes 2007 Microsoft Office servers Service Pack 2 (SP2) and 2007 Microsoft Office servers Language Pack Service Pack 2 (SP2). This includes a complete list of the improvements that SP2 provides. INTRODUCTION: The 2007 Microsoft Office servers Service Pack 2 (SP2) package gives customers the latest...
Foxit Reader XFA Widget Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of widge...