Security Bulletin: IBM Forms Experience Builder is susceptible to a cross site scripting vulnerability (CVE-2016-0370)
Summary IBM Forms Experience Builder is susceptible to building an application by an administrator that could expose a cross site scripting vulnerability. Vulnerability Details CVEID: CVE-2016-0370 DESCRIPTION: IBM Forms Experience Builder is susceptible to building an application by an...
Security Bulletin: IBM Forms Experience Builder vulnerable to CSRF when configured with non default settings (CVE-2016-2884)
Summary A cross-site request forgery attack is possible when configured with non default settings, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2016-2884 DESCRIPTION: IBM Forms Experience Builder is vulnerable to cross-site request forgery, when configure...
Security Bulletin: IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)
Summary IBM Forms Viewer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Viewer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...
Security Bulletin: IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system (CVE-2016-2542)
Summary IBM Forms Designer Installation could allow a remote attacker to execute arbitrary code on the system. If you have recently downloaded a copy of IBM Forms Designer, use the information below to correct the vulnerability prior to installing the product. If you have already installed IBM...
Security Bulletin: IBM Forms Server vulnerability identified in Webform Server (CVE-2016-0223)
Summary IBM Forms Server's Webform Framework API is vulnerable to cross-site scripting when a specifically-crafted URL is used within the web browser. Vulnerability Details CVEID: CVE-2016-0223 DESCRIPTION: IBM Forms Server is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM Forms Viewer may be affected by a known issue with libpng library (CVE-2015-8126, CVE-2015-8472)
Summary An IBM Form XFDL document that contains a specially crafted PNG image can crash IBM Forms Viewer. This can occur based on the Viewer's use of this library. Vulnerability Details CVEID: CVE-2015-8126 DESCRIPTION: libpng is vulnerable to a buffer overflow, caused by improper bounds checking...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Java included with IBM Forms Viewer
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is included with several installations of the IBM Forms Viewer. Vulnerability Details The IBM Forms Viewer includes installers that bundle and use the IBM SDK for Java. This version of Java includes multiple...
Security Bulletin: IBM Forms Viewer can crash on some embedded PNG images (CVE-2013-6954)
Summary An XFDL form with a PNG image that exposes this issue can crash the IBM Forms Viewer. Vulnerability Details CVEID: CVE-2013-6954 DESCRIPTION: An XFDL form can be created utilizing a specially created PNG image that could cause the IBM Forms Viewer to crash. CVSS Base Score: 4.3 CVSS...
Security Bulletin: Vulnerability in Apache Commons Collections affects IBM Forms Server (CVE-2015-7450)
Summary An Apache Commons Collections vulnerability for handling Java object deserialization was addressed by IBM Forms Server. Vulnerability Details CVEID: CVE-2015-7450 DESCRIPTION: Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Vulnerability in JSoup affects IBM Forms Experience Builder (CVE-2015-6748)
Summary A JSoup vulnerability which allows a remote attacker to exploit a specially-crafted URL to access user authentication credentials was addressed by IBM Forms Experience Builder. Vulnerability Details CVE-ID: CVE-2015-6748 Description: JSoup is vulnerable to cross-site scripting, caused by...
Security Bulletin: IBM Forms Experience Builder is affected by a Dojo Toolkit vulnerability (CVE-2014-8917)
Summary IBM Forms Experience Builder uses the Dojo Toolkit, which has a known cross-site scripting (XSS) vulnerability. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote...
Security Bulletin: Cross Site Scripting vulnerability in responsive coach view of IBM Business Process Manager (CVE-2016-9731)
Summary One of the responsive coach views that can be used by customers to build responsive web forms that interact with business processes is vulnerable to cross site scripting. Vulnerability Details CVEID: CVE-2016-9731 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...
Forms Cross-Site Scripting Vulnerability
Forms is a tool for creating, parsing and validating forms in Node.js. A cross-site scripting vulnerability exists in Forms versions prior to 1.3.0, which stems from the program's failure to properly escape HTML and can be exploited by a remote attacker to inject arbitrary web script or HTML...
CVE-2018-12354
Knowage (formerly SpagoBI) 6.1.1 allows CSRF via every form, as demonstrated by a /knowage/restful-services/2.0/analyticalDrivers/ POST request...
CVE-2018-5185
Plaintext of decrypted emails can leak when a user submits an embedded form. This vulnerability affects Thunderbird ESR 52.8 and Thunderbird 52.8...
CVE-2017-16015
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting...
Cross site scripting
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting...
CVE-2017-16015
CVE-2017-16015 affects the forms library (Node.js) where versions before 1.3.0 fail to properly escape HTML in generated forms, enabling cross-site scripting if input is not sanitized. The vulnerability stems from inadequate HTML escaping in the library’s form generation path. Impact is XSS in ap...