8134 matches found
CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors...
UBUNTU-CVE-2016-9451
Confirmation forms in Drupal 7.x before 7.52 make it easier for remote authenticated users to conduct open redirect attacks via unspecified vectors...
CVE-2016-9451
Removed by vendor...
CVE-2016-9451
CVE-2016-9451 affects Drupal Core (Drupal 7.x) up to version 7.52. Root cause: a flaw in Confirmation forms that enables a remote authenticated user to perform open redirects via specially crafted URLs, potentially enabling phishing. Impact: open redirect to arbitrary sites; exploited by authenti...
forms.workday.com XSS vulnerability
Vulnerable URL: https://forms.workday.com/fr-fr/company/newsroom/press-releases/press-release-details.html?id=1929384%27%22%3E%3C/Script/K%3E%3CSvg/Onload=confirmOPENBUGBOUNTY%3E Details: Patched: Yes, at 10.01.2017. Latest check for patch: 10.01.2017 17:28 GMT...
Vospari Forms <= 1.3 - Cross-Site Scripting (XSS)
The Vospari Forms WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
Drupal Fixes 'Moderately Critical' Vulnerabilities in Core Engine
The Drupal Security Team fixed a handful of issues in versions 7 and 8 of its content management system core engine this week that could have led to cache poisoning, social engineering attacks and a denial of service condition. Drupal SA-CORE-2016-005 – Moderately Critical Update to Drupal core 7....
Cross-Site Scripting
Overview: Affected versions of forms do not properly escape HTML in generated forms, which may result in cross-site scripting. Recommendation: Update to version 1.3.0 or later. References: Commit bc01e53, GitHub Advisory...
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2016-005
Description: Inconsistent name for term access query (Less critical - Drupal 7 and Drupal 8). Drupal provides a mechanism to alter database SELECT queries before they are executed. Contributed and custom modules may use this mechanism to restrict access to certain entities by implementing...
MGASA-2016-0375 Updated monit packages fix security vulnerability
The forms in Monit's Service Manager are vulnerable to a cross site request forgery attack. Successful exploitation will enable an attacker to disable/enable all monitoring for a particular host, disable/enable monitoring for a specific service (CVE-2016-7067)...
WordPress Ninja Forms Unauthenticated File Upload
Versions 2.9.36 to 2.9.42 of the Ninja Forms plugin contain an unauthenticated file upload vulnerability, allowing guests to upload arbitrary PHP code that can be executed in the context of the web server...
WordPress Caldera Forms 1.3.5.3 Cross Site Scripting Vulnerability
WordPress Caldera Forms plugin version 1.3.5.3 suffers from a cross site scripting vulnerability. Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin...
WordPress Caldera Forms 1.3.5.3 Cross Site Scripting
Cross-Site Scripting vulnerability in Caldera Forms WordPress Plugin. Jurgen Kloosterman, July 2016...
Caldera Forms <= 1.3.5.3 - Cross Site Scripting
The Caldera Forms – More Than Contact Forms WordPress plugin was affected by a Cross Site Scripting security vulnerability...
CVE-2016-8600
In dotCMS 3.2.1, an attacker can load a captcha once, fill it in with the correct value, and this correct value is then accepted later by forms with a captcha check...
Gravity Forms <= 2.0.6.5 - Authenticated Blind Cross-Site Scripting (XSS)
A blind XSS vulnerability exists in the GravityForms plugin prior to version 2.0.7, in the select option dropdown boxes on forms. If the select column is displayed on the gfentries page when viewed in the Dashboard, the code is executed by the admin / viewer of the submissions. This vulnerability...
WordPress Gravity Forms Plugin <= 2.0.6.5 - XSS
This plugin is prone to a cross site scripting vulnerability. It allows attackers to inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
Adobe Reader DC XFA Uninitialized Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Adobe Reader DC XFA forms Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
CVE-2016-0370
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product...