38 matches found
EUVD-2019-7140
Malware in sbrugna...
EUVD-2020-19486
Malware in sbrugna...
EUVD-2022-3158
Malicious code in bioql PyPI...
EUVD-2025-29363
Malicious code in bioql PyPI...
GHSA-256Q-HX8W-XCQX Silverstripe Framework user enumeration via timing attack on login and password reset forms
Impact User enumeration is possible by performing a timing attack on the login or password reset pages with user credentials. This was originally disclosed in https://www.silverstripe.org/download/security-releases/ss-2017-005/ for CMS 3 but was not patched in CMS 4+ References -...
WordPress Custom Registration and Custom Login Forms with New Recaptcha Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Custom Registration and Custom Login Forms with New Recaptcha Type Plugin Vulnerable versions = 1.0.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...
CVE-2023-2869 WP-Members Membership <= 3.4.7.3 - Missing Authorization to Settings Update
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the dofieldreorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorde...
CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
PT-2023-18568 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The issue concerns SQL injection in the login forms of the web interface. This allows for potential unauthorized access or manipulation of data. No information is provided about th...
CVE-2023-24709
An issue found in Paradox Security Systems IPR512 allows attackers to cause a denial of service via the login.html and login.xml parameters...
Symfony Open Redirect
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...
GHSA-89R2-5G34-2G47 Symfony Open Redirect
An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the failurepath input field of login forms, an attacker can work around the redirection target restrictio...
Click Jacking
sylius/sylius is vulnerable to click-jacking attacks. An attacker can avoid login forms and load the malicious website within an iframe due to the missing HTTP headers...
WordPress Custom Registration and Custom Login Forms with New Recaptcha plugin <= 1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Custom Registration and Custom Login Forms with New Recaptcha plugin versions = 1.1. Solution No patched version available...
CVE-2020-23051
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting XSS vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields...
CVE-2021-26123
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm...
Cross-Site Scripting (XSS)
silverstripe/framework is vulnerable to cross-site scripting XSS. A remote attacker is able to inject and execute arbitrary Javascript into a user's browser via the login and custom forms...
CVE-2019-19325
SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows Reflected XSS on the login form and custom forms. Silverstripe Forms allow malicious HTML or JavaScript to be inserted through non-scalar FormField attributes, which allows performing XSS Cross-Site Scripting on some forms buil...
CVE-2012-2237
Multiple cross-site scripting XSS vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 javascript innerHTML as used when generating login forms, 2 links or 3 resources URLs, and 4 the Display nam...