757 matches found
Contact Form & Lead Form Elementor Builder < 1.6.8 - Subscriber+ Arbitrary Lead Deletion
The plugin does not have capability and CSRF checks in the deleteleadsbackend AJAX action, available to any authenticated user. As a result, users with a role as low as subscriber could delete arbitrary Leads. Attackers could also make any logged-in user delete leads via a CSRF attack. PoC POST...
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext...
GHSA-4JHC-WJR3-PWH2 An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext...
CVE-2020-35211
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext...
Design/Logic Flaw
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext...
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.6.3 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Contact Form & Lead Form Elementor Builder plugin (versions <= 1.6.3). Solution: Update the WordPress Contact Form & Lead Form Elementor Builder plugin to the latest available version at least 1.6...
Cross-site Request Forgery (CSRF)
oro/crm is vulnerable to cross-site request forgery attacks. The vulnerability exists due to an insufficient permissions check in the 'disqualifyAction' function, which allows an attacker to execute the lead action without a CSRF token check...
CVE-2021-39198
OroCRM is an open source Client Relationship Management (CRM) application. Affected versions were found to suffer from a vulnerability by which an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all...
The disqualify lead action may be executed without CSRF token check
Summary: The attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. Workarounds: There are no workarounds that address this vulnerability...
GHSA-VF7H-6246-HM43 The disqualify lead action may be executed without CSRF token check
Summary: The attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. Workarounds: There are no workarounds that address this vulnerability...
CVE-2021-36832
WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram versions = 2.0.2 vulnerable at "Headline" &messagedata16headline input...
WordPress plugin cross-site scripting vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the...
CVE-2021-33849
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload...
WordPress plugin cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress Zoho CRM Lead Magnet plugin version 1.7.2.4, which...
WordPress Wise Agent Lead Capture Forms plugin <= 1.0 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress Wise Agent Lead Capture Forms plugin (versions <= 1.0). Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
Daybyday cross-site scripting vulnerability (CNVD-2020-75072)
Daybyday is a customer relationship management system. A stored cross-site scripting vulnerability exists in Daybyday 2.1.0. The vulnerability can be exploited to conduct cross-site scripting attacks via the Title parameter of the New Lead screen...
CVE-2020-35704
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen...
Cross site scripting
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen...