WordPress plugin Kirki – Freeform Page Builder, Website Builder & Customizer 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2021-1437

Malware in sbrugna...

EUVD-2020-1014

Malware in sbrugna...

EUVD-2024-45844

Malicious code in bioql PyPI...

CVE-2024-52339

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through = 1.1.4...

CVE-2023-47129

Statmic is a core Laravel content management system Composer package. Prior to versions 3.4.13 and 4.33.0, on front-end forms with an asset upload field, PHP files crafted to look like images may be uploaded. This only affects forms using the "Forms" feature and not just any arbitrary form. This...

Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

GHSA-P7F6-8MCM-FWV3 Statamic CMS has a Path Traversal in Asset Upload

Assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. Impact - Affects front-end forms with assets fields. - Affects other places where assets can be uploaded, although users would need upload permissions anyway. -...

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVE-2024-52600 Statamic CMS has Path Traversal in Asset Upload

Statmatic is a Laravel and Git powered content management system CMS. Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with assets fields and other plac...

CVE-2024-52339

CVE-2024-52339 is a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Mage Front End Forms . Public descriptions state improper input neutralization during page generation, allowing Stored XSS in Mage Front End Forms versions up to and including 1.1.4 (affected range shown a...

CVE-2024-52339 WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maximilian Ruthe Mage Front End Forms mage-forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through = 1.1.4...

CVE-2024-52339 WordPress Mage Front End Forms plugin <= 1.1.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4...

WordPress plugin Mage Front End Forms 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Mage Front End Forms Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS)

Software Mage Front End Forms Type Plugin Vulnerable versions = 1.1.4 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-52339 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 411709dfd335 Credits SOPROBRO Required privilege...

Contao 安全漏洞

Contao is an open source content management system CMS developed in PHP. The system supports search engines, rights management, and CSS frameworks. A security vulnerability exists in Contao version 4.x prior to version 4.13.40 and version 5.x prior to version 5.3.4, which stems from the ability t...

Statmic CMS vulnerable to account takeover via XSS and password reset link

Impact HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects: - front-end forms with asset fields without any mime type validation - asset fields in the control panel - asset browser in the control panel Additionally, if the XSS is crafted in a specific...

CVE-2024-24570 Statamic account takeover via XSS and password reset link

Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel...

Cross-site Scripting via uploaded assets

Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...

GHSA-8JJH-J3C2-CJCV Cross-site Scripting via uploaded assets

Impact HTML files crafted to look like images may be uploaded regardless of mime validation. This is only applicable on front-end forms using the "Forms" feature containing an assets field, or within the control panel which requires authentication. Patches It has been patched on 3.4.15 and 4.36.0...