Lucene search
K

8262 matches found

NVD
NVD
added 2019/08/22 1:15 p.m.14 views

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

6.1CVSS6.3AI score0.00915EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 1:15 p.m.5 views

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

6.1CVSS5.8AI score0.00915EPSS
Exploits0References1
OSV
OSV
added 2019/08/22 1:15 p.m.3 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

9.1CVSS5.8AI score0.01744EPSS
Exploits0References1
Prion
Prion
added 2019/08/22 1:15 p.m.10 views

Code injection

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

5CVSS7.6AI score0.01392EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/22 1:15 p.m.13 views

Hardcoded credentials

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

4.3CVSS6.3AI score0.00915EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/08/22 1:15 p.m.13 views

Design/Logic Flaw

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

6.4CVSS9.2AI score0.01744EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:42 p.m.18 views

CVE-2017-18574

The ninja-forms plugin before 3.0.31 for WordPress has insufficient HTML escaping in the builder...

6.4AI score0.00915EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 12:42 p.m.51 views

CVE-2017-18574

The CVE refers to the Ninja Forms WordPress plugin (before version 3.0.31) with insufficient HTML escaping in the builder, leading to an XSS vulnerability. Affected: Ninja Forms plugin for WordPress; root cause: inadequate escaping in the builder component. Impact: cross-site scripting potential;...

6.1CVSS6.3AI score0.00915EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/22 12:40 p.m.55 views

CVE-2018-20981

CVE-2018-20981 affects the WordPress Ninja Forms plugin prior to version 3.3.9. The issue is described as insufficient restrictions on submission-data retrieval during Export Personal Data requests, which could enable access to personal data during the export process. The available connected docu...

9.1CVSS9.2AI score0.01744EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:40 p.m.20 views

CVE-2018-20981

The ninja-forms plugin before 3.3.9 for WordPress has insufficient restrictions on submission-data retrieval during Export Personal Data requests...

9.4AI score0.01744EPSS
Exploits0References1
CVE
CVE
added 2019/08/22 12:37 p.m.45 views

CVE-2018-20980

CVE-2018-20980 affects the Ninja Forms plugin for WordPress prior to version 3.2.15, with a parameter tampering vulnerability. The NVD metrics indicate a CVSS-3 base score of 7.5 (HIGH), driven by network attack vector, low complexity, no privileges required, but impact on integrity is HIGH while...

7.5CVSS7.6AI score0.01392EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/22 12:37 p.m.18 views

CVE-2018-20980

The ninja-forms plugin before 3.2.15 for WordPress has parameter tampering...

7.7AI score0.01392EPSS
Exploits0References1
NVD
NVD
added 2019/08/21 6:15 p.m.16 views

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

6.1CVSS6.2AI score0.00913EPSS
Exploits0References1
Prion
Prion
added 2019/08/21 6:15 p.m.13 views

Cross site scripting

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

4.3CVSS6.4AI score0.00913EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/08/21 5:20 p.m.16 views

CVE-2014-10380

The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms...

6.1AI score0.00913EPSS
Exploits0References1
CVE
CVE
added 2019/08/21 5:20 p.m.48 views

CVE-2014-10380

CVE-2014-10380 affects the WordPress Profile Builder plugin prior to 1.1.66, with multiple XSS flaws in forms. The connected Red Hat/CVE pages and other sources reiterate the same description. No explicit exploitation details, impact scope, or remediation/version-specific fixes are provided in th...

6.1CVSS6.1AI score0.00913EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/08/21 1:15 p.m.6 views

CVE-2016-10903

The GoDaddy godaddy-email-marketing-sign-up-forms plugin before 1.1.3 for WordPress has CSRF...

8.8CVSS5.8AI score0.0068EPSS
Exploits0References1
CVE
CVE
added 2019/08/21 12:47 p.m.36 views

CVE-2016-10903

CVE-2016-10903 is a CSRF vulnerability in the GoDaddy WordPress plugin GoDaddy Email Marketing Sign-Up Forms, affected in versions before 1.1.3. Multiple sources (NVD, Red Hat, CNVD, PRION, CVE lists, and WPVulndb) consistently identify the issue as cross-site request forgery within this plugin. ...

8.8CVSS8.7AI score0.0068EPSS
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/08/21 12:0 a.m.3 views

OpenEMR Command Injection Vulnerability (CNVD-2019-28410)

OpenEMR is a medical practice management software that also supports electronic medical records EMR. A command injection vulnerability exists in OpenEMR 5.0.1 and earlier versions, which can be exploited by an authenticated attacker to execute arbitrary commands on the host system via the "Scanne...

9CVSS8.1AI score0.09616EPSS
Exploits1References1
NVD
NVD
added 2019/08/20 7:15 p.m.19 views

CVE-2019-3968

In OpenEMR 5.0.1 and earlier, an authenticated attacker can execute arbitrary commands on the host system via the Scanned Forms interface when creating a new form...

9CVSS8.9AI score0.09616EPSS
Exploits1References1
Rows per page
Query Builder