Lucene search
K

19 matches found

NVD
NVD
added 2026/04/06 10:16 p.m.4 views

CVE-2026-35404

Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

6.1CVSS0.00223EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/06 9:22 p.m.5 views

EUVD-2026-19502

Open edX Platform enables the authoring and delivery of online learning at any scale. he viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...

4.7CVSS5.9AI score0.00223EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.4 views

PT-2026-30739

Name of the Vulnerable Software and Affected Versions Open edX Platform affected versions not specified Description The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...

6.1CVSS5.8AI score0.00223EPSS
Exploits1References6
NVD
NVD
added 2026/02/25 4:16 a.m.15 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS0.00761EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:8 a.m.5 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS6.3AI score0.00761EPSS
Exploits0References6
CVE
CVE
added 2026/02/25 3:8 a.m.10 views

CVE-2026-27745

The CVE-2026-27745 entry concerns the SPIP plugin interface_traduction_objets, affected when using versions prior to 4.3.3. An authenticated attacker with editor-level privileges can exploit an authenticated RCE vulnerability by injecting crafted content into a hidden form field populated with un...

8.8CVSS6.3AI score0.00761EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-0613

Malware in sbrugna...

6.4CVSS6.4AI score0.01194EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2000-0753

Malware in sbrugna...

4.6CVSS6.4AI score0.00357EPSS
Exploits0References4
n0where
n0where
added 2015/10/22 9:5 p.m.15 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5AI score
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2003/06/06 12:0 a.m.13 views

Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting

Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/06 12:0 a.m.22 views

Maxwebportal 1.30 - Remote Database Disclosure

source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/06/06 12:0 a.m.27 views

Max Web Portal < 1.30 - Multiple Vulnerabilities

Max Web Portal Multiple Vulnerabilities Vendor: Max Web Portal Product: Max Web Portal Version: alertdocument.cookie Remember this vuln as I will later explain how it can be used to aide an attacker to compromise user and admin accounts. Hidden Form Field weakness: The Max Web Portal system seems...

7.4AI score
Exploits0
NVD
NVD
added 2002/12/31 5:0 a.m.19 views

CVE-2002-2302

3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field...

6.4CVSS6.6AI score0.01222EPSS
Exploits0References5
NVD
NVD
added 2000/10/20 4:0 a.m.11 views

CVE-2000-0758

The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the listadmin hidden form field...

4.6CVSS6.5AI score0.00357EPSS
Exploits0References3
CVE
CVE
added 2000/10/13 4:0 a.m.54 views

CVE-2000-0758

The CVE-2000-0758 entry affects Lyris List Manager 3 and 4; the web interface allows subscribers to obtain administrative access by modifying the hidden form field list_admin. Root cause is insufficient server-side validation of this hidden field, enabling privilege escalation from a subscriber. ...

4.6CVSS6.9AI score0.00357EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2000/06/08 4:0 a.m.12 views

CVE-2000-0554

Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translatedpath hidden form field...

5CVSS6.6AI score0.01344EPSS
Exploits0References2
exploitpack
exploitpack
added 2000/02/01 12:0 a.m.25 views

QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field

QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source:...

0.1AI score
Exploits0
Exploit DB
Exploit DB
added 2000/02/01 12:0 a.m.36 views

QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field

E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: https://www.securityfocus.com/bid/1237/info Various shopping cart applications use hidden form fields within the...

7AI score
Exploits0
Rows per page
Query Builder