Lucene search
K

685 matches found

Cvelist
Cvelist
added 2021/01/20 3:8 a.m.17 views

CVE-2020-27850

A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...

4.9AI score0.00616EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/01/19 12:0 a.m.6 views

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the textarea field...

5.4CVSS6.1AI score0.00607EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/19 12:0 a.m.4 views

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers...

5.4CVSS6.1AI score0.00607EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/01/19 12:0 a.m.4 views

Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via imported GF forms...

4.8CVSS5.8AI score0.00616EPSS
Exploits0References2
wpexploit
wpexploit
added 2020/07/08 12:0 a.m.13 views

Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)

Mailster 1 is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting XSS vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...

6.1AI score
Exploits0References2
CNVD
CNVD
added 2020/06/03 12:0 a.m.8 views

WordPress Gravity Forms Information Disclosure Vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Gravity Forms is a form builder plugin used in it. A security vulnerability exists in the common.php file in WordPress Gravity Form...

7.5CVSS6.6AI score0.0183EPSS
Exploits0References1
NVD
NVD
added 2020/06/02 9:15 p.m.15 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...

7.5CVSS7.5AI score0.0183EPSS
Exploits0References2
OSV
OSV
added 2020/06/02 9:15 p.m.22 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...

7.5CVSS7.2AI score
Exploits0References2
Cvelist
Cvelist
added 2020/06/02 8:33 p.m.20 views

CVE-2020-13764

common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...

7.5AI score0.0183EPSS
Exploits0References2
CVE
CVE
added 2020/06/02 8:33 p.m.91 views

CVE-2020-13764

The CVE-2020-13764 entry documents an information-disclosure vulnerability in the WordPress Gravity Forms plugin prior to version 2.4.9. The issue arises because common.php exposes hashed passwords by not treating user_pass as a special case for $current_user-&gt;get($property), allowing potentia...

7.5CVSS7.5AI score0.0183EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2020/01/02 12:0 a.m.5 views

WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...

6.1CVSS6.2AI score0.03902EPSS
Exploits2References1
NVD
NVD
added 2019/12/27 8:15 p.m.15 views

CVE-2014-4536

Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...

6.1CVSS6.2AI score0.03902EPSS
Exploits2References2
Prion
Prion
added 2019/12/27 8:15 p.m.12 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...

4.3CVSS6.2AI score0.03902EPSS
Exploits2References2Affected Software1
CVE
CVE
added 2019/12/27 7:1 p.m.194 views

CVE-2014-4536

Infusionsoft Gravity Forms Add-on for WordPress is affected by CVE-2014-4536: multiple XSS vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php, exploitable via the go, contactId, or campaignId parameters in versions before 1.5.6. The nuclei template and WPVulnDB entry corrobora...

6.1CVSS6.1AI score0.03902EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2019/12/27 7:1 p.m.22 views

CVE-2014-4536

Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...

6.2AI score0.03902EPSS
Exploits2References2
CNVD
CNVD
added 2019/10/12 12:0 a.m.5 views

WordPress gravity-forms-sms-notifications plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gravity-forms-sms-notifications is a short message alert plugin used in it. A cross-site scripting vulnerability exists in the WordPre...

6.1CVSS6.3AI score0.00915EPSS
Exploits1References1
OSV
OSV
added 2019/08/13 5:15 p.m.2 views

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

6.1CVSS5.8AI score
Exploits0References1
NVD
NVD
added 2019/08/13 5:15 p.m.17 views

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

6.1CVSS6.4AI score0.00915EPSS
Exploits1References1
Prion
Prion
added 2019/08/13 5:15 p.m.17 views

Cross site scripting

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

4.3CVSS6.4AI score0.00915EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/08/13 4:40 p.m.22 views

CVE-2017-18495

The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...

6.4AI score0.00915EPSS
Exploits1References1
Rows per page
Query Builder