19 matches found
CVE-2026-35404
Open edX Platform enables the authoring and delivery of online learning at any scale. The viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...
EUVD-2026-19502
Open edX Platform enables the authoring and delivery of online learning at any scale. he viewsurvey endpoint accepts a redirecturl GET parameter that is passed directly to HttpResponseRedirect without any URL validation. When a non-existent survey name is provided, the server issues an immediate...
PT-2026-30739
Name of the Vulnerable Software and Affected Versions Open edX Platform affected versions not specified Description The Open edX Platform allows for the creation and delivery of online learning content. The view survey API endpoint is susceptible to an open redirect issue due to the lack of...
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745
The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...
CVE-2026-27745
The CVE-2026-27745 entry concerns the SPIP plugin interface_traduction_objets, affected when using versions prior to 4.3.3. An authenticated attacker with editor-level privileges can exploit an authenticated RCE vulnerability by injecting crafted content into a hidden form field populated with un...
EUVD-2004-0613
Malware in sbrugna...
EUVD-2000-0753
Malware in sbrugna...
Deliberately Insecure Web Application: OWASP WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting
Maxwebportal 1.30 - search.asp?Search Cross-Site Scripting source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site...
Maxwebportal 1.30 - Remote Database Disclosure
source: https://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An attacker may execute arbitrary scri...
Max Web Portal < 1.30 - Multiple Vulnerabilities
Max Web Portal Multiple Vulnerabilities Vendor: Max Web Portal Product: Max Web Portal Version: alertdocument.cookie Remember this vuln as I will later explain how it can be used to aide an attacker to compromise user and admin accounts. Hidden Form Field weakness: The Max Web Portal system seems...
CVE-2002-2302
3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify the prices in their shopping carts by modifying the price in a hidden form field...
CVE-2000-0758
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the listadmin hidden form field...
CVE-2000-0758
The CVE-2000-0758 entry affects Lyris List Manager 3 and 4; the web interface allows subscribers to obtain administrative access by modifying the hidden form field list_admin. Root cause is insufficient server-side validation of this hidden field, enabling privilege escalation from a subscriber. ...
CVE-2000-0554
Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translatedpath hidden form field...
QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
QuickCommerce 2.53.0 Cart32 2.5 a3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source:...
QuickCommerce 2.5/3.0 / Cart32 2.5 a/3.0 / Shop Express 1.0 / StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: https://www.securityfocus.com/bid/1237/info Various shopping cart applications use hidden form fields within the...