685 matches found
CVE-2020-27850
A stored Cross-Site Scripting XSS vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. This code is interpreted by users in a privileged role Administrator, Editor, etc...
Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability
Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the textarea field...
Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability
Rocketgenius Gravity Forms is a software solution from the Rocketgenius team. A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers...
Rocketgenius Gravity Forms Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via imported GF forms...
Mailster Gravity Forms < 2.4.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Mailster 1 is a newsletter plugin for WordPress. It allows to create, send and track the newsletter campaigns. Compass Security identified a stored Cross-Site Scripting XSS vulnerability affecting the administration interface. Successful exploitation requires no authentication and can be performe...
WordPress Gravity Forms Information Disclosure Vulnerability
WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Gravity Forms is a form builder plugin used in it. A security vulnerability exists in the common.php file in WordPress Gravity Form...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2020-13764
common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because userpass is not considered a special case for a $currentuser-get$property call...
CVE-2020-13764
The CVE-2020-13764 entry documents an information-disclosure vulnerability in the WordPress Gravity Forms plugin prior to version 2.4.9. The issue arises because common.php exposes hashed passwords by not treating user_pass as a special case for $current_user->get($property), allowing potentia...
WordPress Infusionsoft Gravity Forms Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Infusionsoft Gravity Forms is a plug-in that automatically sends form submissions to the Infusionsoft CRM system. A cross-site scriptin...
CVE-2014-4536
Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...
CVE-2014-4536
Infusionsoft Gravity Forms Add-on for WordPress is affected by CVE-2014-4536: multiple XSS vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php, exploitable via the go, contactId, or campaignId parameters in versions before 1.5.6. The nuclei template and WPVulnDB entry corrobora...
CVE-2014-4536
Multiple cross-site scripting XSS vulnerabilities in tests/notAutotestContactServicepauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 go, 2 contactId, or 3 campaignId parameter...
WordPress gravity-forms-sms-notifications plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. gravity-forms-sms-notifications is a short message alert plugin used in it. A cross-site scripting vulnerability exists in the WordPre...
CVE-2017-18495
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...
CVE-2017-18495
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...
Cross site scripting
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...
CVE-2017-18495
The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS...