11 matches found
CVE-2025-57244
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...
CVE-2025-57244
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...
CVE-2025-57244
OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting XSS in the user account creation interface. The Name field accepts script tags and the Email field is vulnerable when the POST request is modified to include encoded script tags, by passing frontend validation...
EUVD-2020-0545
Malware in sbrugna...
GHSA-8M73-W2R2-6XXJ Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Insecure defaults in UmbracoForms
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-7685
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
Default configuration
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
CVE-2020-7685
CVE-2020-7685 affects UmbracoForms (all versions). The issue arises when using the default configuration for file uploads, which permits uploading arbitrary file types. A mitigation path is described: implement a custom workflow and frontend validation to block disallowed file types according to ...
CVE-2020-7685 Insecure Defaults
This affects all versions of package UmbracoForms. When using the default configuration for upload forms, it is possible to upload arbitrary file types. The package offers a way for users to mitigate the issue. The users of this package can create a custom workflow and frontend validation that...
PT-2020-19708 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: UmbracoForms versions all versions Description: The issue allows uploading arbitrary file types when using the default configuration for upload forms. Users can mitigate this by creating a custom workflow and frontend validation to block...