Drupal Drupalgeddon 2 Forms API Property Injection Exploit

This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...

Uber: Lack of CSRF protection on uberps.com makes every form vulnerable to CSRF

A malicious website can cause visitors who are currently authenticated to https://uberps.com to take sensitive actions on https://uberps.com A basic CSRF vuln on a old uber microsite. Check out my blog https://healdb.tech/blog/ or my Twitter https://twitter.com/healdben for some Bug Bounty tool...

WordPress Caldera Forms plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.Caldera Forms is a drag-and-drop web editor plugin used in ... A cross-site scripting vulnerability exists in WordPress...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Multiple cross-site scripting XSS vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a greeting message, 2 the email transaction log, or 3 an imported form...

CVE-2018-7747

Summary (CVE-2018-7747): WordPress Caldera Forms plugin vulnerable through stored XSS in versions up to 1.5.9.1, fixed in 1.6.0-rc.1. Vulnerability arises from insufficient input validation allowing remote attackers to inject arbitrary script via (1) a greeting message, (2) the email transaction ...

Uber: Reflected XSS and sensitive data exposure, including payment details, on lioncityrentals.com.sg

lioncityrentals.com.sg employed a Wordpress installation that possessed a vulnerable plugin, Formidable Forms, which was vulnerable to reflected XSS, and exposed sensitive form data. Thanks again for the report, @healdb! This was the first bug I ever found that exposed a large amount of PII, than...

Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability

Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...

Drupal Drupalgeddon 2 Forms API Property Injection

This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Drupal Drupalgeddon 2 Forms API Property Injection', 'Description' = %q This module exploits a Drupal property injection in the Forms API. Drupal 6.x, 'Jasper Mattsson', Vulnerability discovery 'a2u', Proof of concept...

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...

WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting

Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...

WordPress Caldera Forms plugin <=1.5.9.1 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Federico Scalco in WordPress Caldera Forms versions =1.5.9.1. Solution Update the WordPress Caldera Forms plugin to the latest available version at least 1.6.0...

Convert Forms CSV Injection Vulnerability in Joomla!

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. A CSV injection vulnerability exists in Joomla! Convert Forms 2.0.3 and earlier versions. When a user with elevated privileges exports form data in CSV format, an attacker can explo...

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection) Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla Extension Convert Forms version 2.0.3 - Formula Injection CSV Injection Google Dork: N/A Exploit Author: Jetty Sairam Software Link:...

CVE-2014-6169

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

CVE-2014-6169

Cross-site scripting XSS vulnerability in IBM Forms Experience Builder 8.5.0 and 8.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 97777...

CVE-2014-6169

CVE-2014-6169 affects IBM Forms Experience Builder 8.5.0 and 8.5.1. The issue is a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected sources confirm the affected product versions and the XSS nature b...