CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

Code injection

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

CVE-2021-41844

CVE-2021-41844 affects Crocoblock JetEngine (pre-2.9.1). The root cause is improper validation and sanitization of form data, enabling unauthenticated or low-privilege abuse via network access as described by the CVE records. NVD lists high/critical impact metrics (C/P/I/A partial to high) with n...

CVE-2021-41844

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data...

Crocoblock JetEngine 跨站脚本漏洞

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine prior to version 2.9.1 is vulnerable to a cross-site scripting vulnerability that stems from a lack of data validation filtering of user-supplied data and...

Crocoblock JetEngine 代码问题漏洞

crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. crocoblock JetEngine versions prior to 2.9.1 are vulnerable to a code issue that stems from the application's inability to properly validate and clean up form data. An attacker...

Crocoblock JetEngine 安全漏洞

Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively. A security vulnerability exists in Crocoblock JetEngine versions prior to 2.9.1 that stems from the application's inability to properly validate and clean form data...

PT-2021-23429 · Crocoblock · Crocoblock Jetengine

Name of the Vulnerable Software and Affected Versions: Crocoblock JetEngine versions prior to 2.9.1 Description: The issue arises from improper validation and sanitization of form data. Recommendations: For versions prior to 2.9.1, update to version 2.9.1 or later to resolve the issue...

Crocoblock JetEngine Cross-Site Scripting Vulnerability

Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively.A cross-site scripting vulnerability exists in Crocoblock JetEngine that can be exploited by attackers to perform XSS via custom form input...

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

Cross site scripting

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

CVE-2021-38607

CVE-2021-38607 affects Crocoblock JetEngine prior to 2.6.1, where XSS is possible via a custom form input by remote authenticated users. The issue stems from an input handling flaw in the plugin component responsible for form data, enabling reflected or stored XSS depending on how the input is pr...

CVE-2021-38607

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input...

Crocoblock JetEngine 跨站脚本漏洞

Crocoblock JetEngine is a dynamic content plugin that allows you to build complex websites quickly and cost-effectively.A cross-site scripting vulnerability exists in Crocoblock JetEngine that can be exploited by attackers to perform XSS via custom form input...