8171 matches found
CVE-2019-19222
A Stored XSS issue in the D-Link DSL-2680 web administration interface Firmware EU1.03 allows an authenticated attacker to inject arbitrary JavaScript code into the info.html administration page by sending a crafted Forms/wirelessautonetwork1 POST request...
PT-2020-10104 · D Link · D-Link Dsl-2680
Name of the Vulnerable Software and Affected Versions: D-Link DSL-2680 version EU 1.03. Description: A Broken Access Control issue in the web administration interface allows an attacker to change DNS servers without authentication by submitting a crafted Forms/dns 1 POST request. Recommendations:...
CVE-2019-19987
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
Cross site request forgery (csrf)
An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. It allows Cross-Site Request Forgery (CSRF) on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...
WordPress Easy Forms for Mailchimp plugin <= 6.6.2 - Authenticated Cross-Site Scripting (XSS) vulnerability
Authenticated Cross-Site Scripting (XSS) vulnerability discovered in WordPress Easy Forms for Mailchimp plugin versions <= 6.6.2. Solution: Update the WordPress Easy Forms for Mailchimp plugin to the latest available version (at least 6.6.3)...
GHSA-QVRV-2X7X-78X2 Reflected XSS in SilverStripe
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
Reflected XSS in SilverStripe
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
Cross-Site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject and execute arbitrary JavaScript into a user's browser via the login and custom forms...
CVE-2019-19325
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
Cross site scripting
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting) on some forms buil...
WordPress marketo-forms-and-tracking cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. A cross-site request forgery vulnerability exists in wp-admin/admin.php?page=marketofat in WordPress marketo-forms-and-tracking plugin 1.0.2 and prior versions. The vulnerability stems from...
WordPress Ninja Forms Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. The Ninja Forms plugin is a form creation component used in it. A cross-site scripting vulnerability exists in WordPress Ninja Forms versio...
WordPress Ninja Forms Plugin < 3.4.23 XSS Vulnerability
The WordPress plugin... Copyright (C) 2020 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later.
CVE-2020-8594
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]...
Cross site scripting
The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format]...
CVE-2020-8594
The CVE-2020-8594 entry describes a stored XSS vulnerability in the WordPress Ninja Forms plugin, affecting version 3.4.22 (and earlier). The issue is triggered via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format], with r...