CVE-2018-19287

XSS in the Ninja Forms plugin before 3.3.18 for WordPress allows Remote Attackers to execute JavaScript via the includes/Admin/Menus/Submissions.php aka submissions page begindate, enddate, or formid parameter...

Wordpress Ninja Forms 3.3.17 Plugin - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2...

WordPress Ninja Forms 3.3.17 Cross Site Scripting

Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested...

WordPress Ninja Forms plugin <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS) vulnerability

Unauthenticated Cross-Site Scripting XSS vulnerability found in WordPress Ninja Forms plugin versions = 3.3.17. Solution Update the WordPress Ninja Forms plugin to the latest available version at least 3.3.18...

WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting

Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Softwae Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...

Ninja Forms <= 3.3.17 - Unauthenticated Cross-Site Scripting (XSS)

According to the changelog: "Patched a redirect XSS vulnerability using code injection on our submissions page."...

Open Ticket Request System (OTRS) File Deletion Vulnerability

Open Ticket Request System OTRS is an open source defect tracking and management system software. Open Ticket Request System OTRS suffers from a file deletion vulnerability that can be exploited by an attacker to delete files through manipulation of submission forms...

GHSA-VWJJ-2852-3765 Cross-Site Scripting in forms

Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation Update to version 1.3.0 or later...

browser-forms (>=0.0.1 <=0.0.2), express-stormpath (>=0.1.0 <=0.5.8) +4 more potentially affected by CVE-2017-16015 via forms (>=0.1.0 <=1.1.4)

forms NPM version =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.3.1, =0.0.1, =0.1.1 Source cves: CVE-2017-16015 Source advisory: OSV:GHSA-VWJJ-2852-3765...

Cross-Site Scripting in forms

Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation Update to version 1.3.0 or later...

WordPress Pie Register 3.0.17 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications =============================================================================================== Pie Register v3.0.17 WordPress Plugin - Cross-Site Scripting Vulnerability in Forgot-Password...

Foxit Reader and Foxit PhantomPDF for Windows Security Vulnerabilities

Foxit Reader for Windows is a Windows-based PDF document reader from China's Foxit Foxit Software Corporation.Foxit PhantomPDF for Windows is its commercial version. A memory misreference vulnerability exists in the handling of the desc attribute of an XFA object in Foxit Reader 9.2.0.9297 and...

WordPress WPML plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of PHP language development of the blogging platform, the platform supports PHP and MySQL servers to set up a personal blog site. WPML also known as sitepress-multilingual-cms is used in one of the multi-language support plug-ins. A cross-si...

CVE-2018-17859

An issue was discovered in Joomla! before 3.8.13. Inadequate checks in comcontact could allow mail submission in disabled forms...

Design/Logic Flaw

An issue was discovered in Joomla! before 3.8.13. Inadequate checks in comcontact could allow mail submission in disabled forms...

CVE-2018-17859

CVE-2018-17859 affects Joomla! before 3.8.13, where inadequate checks in the com_contact component allow mail submission from disabled contact forms. The vulnerability stems from insufficient form-state validation in core code, enabling an attacker to trigger mail submission even when forms are d...

CVE-2018-17859

An issue was discovered in Joomla! before 3.8.13. Inadequate checks in comcontact could allow mail submission in disabled forms...

Foxit Reader JavaScript XFA Use After Free (CVE-2018-3850)

A use after free vulnerability exists in Foxit Reader. This vulnerability is due to improper handling of freed JavaScript XML Forms Architecture objects...

WordPress Pie Register 3.0.15 Cross Site Scripting

===================================================================================== Pie Register v3.0.15 WordPress Plugin - Cross-Site Scripting Vulnerability in Login ===================================================================================== Exploit Title: Pie Register v3.0.15...