8171 matches found
WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...
CVE-2014-4536
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter...
CVE-2014-4536
Infusionsoft Gravity Forms Add-on for WordPress is affected by CVE-2014-4536: multiple XSS vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php, exploitable via the go, contactId, or campaignId parameters in versions before 1.5.6. The nuclei template and WPVulnDB entry corrobora...
CVE-2012-2237
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display nam...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display nam...
Adobe Acrobat Pro DC XFA Form Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processin...
CVE-2019-16545
Jenkins QMetry for JIRA - Test Management Plugin transmits credentials in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure...
Shack Forms Pro extension path traversal vulnerability in Joomla!
Joomla! is an open source, cross-platform content management system (CMS) developed by the U.S. Open Source Matters team using PHP and MySQL. The Shack Forms Pro extension is one of its form creation plugins. A path traversal vulnerability exists in the Shack Forms Pro extension for...
The vulnerability of the Services subcomponent of the Oracle Forms component in the Oracle Fusion Middleware software platform allows a malicious individual to gain unauthorized access to read, modify, add, or delete data.
The vulnerability of the Services sub-component of the Oracle Forms component of the Oracle Fusion Middleware software platform is related to lack of access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, modify, add, or...
CVE-2012-2237
Summary: CVE-2012-2237 affects Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2, enabling remote XSS via multiple vectors: (1) javascript innerHTML in login form generation, (2) links, (3) resources URLs, and (4) the Display name in profiles. The underlying issue is insufficient sanitization/encod...
CVE-2019-15929
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them...
CVE-2019-8089
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
Cross site scripting
Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure...
CVE-2019-8089
Adobe Experience Manager Forms (AEM Forms) versions 6.3–6.5 are affected by a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of user input. Successful exploitation could lead to disclosure of sensitive information. Multiple connected sources confirm the issue ...
Cross site scripting
Reflected XSS exists in interface/forms/eyemag/view.php in OpenEMR 5.x before 5.0.2.1 via the id parameter...