149 matches found
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...
Input validation
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...
CVE-2022-38400
CVE-2022-38400 affects Mailform Pro CGI 4.3.1 and earlier. The root cause is the Thanks module saving user input data for a short window (default 30 seconds), enabling a remote unauthenticated attacker to access a specially crafted URL and disclose user input data. Impact is information disclosur...
CVE-2022-38400
Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...
PT-2022-24408 · Unknown · Mailform Pro Cgi
Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions 4.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to obtain user input data by accessing a specially crafted URL. Recommendations: For Mailform Pro CGI versions 4.3.1 and earlier, at t...
SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is...
JVN#34205166: SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure
Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulnerability, it is require...
SYNCK GRAPHICA Mailform Pro CGI 信息泄露漏洞
SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI prior to version 4.3.1, which stems from the Thanks module saving user...
CVE-2022-22142
Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...
Multiple cross-site scripting vulnerabilities in php_mailform
Overview phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Reflected cross-site scripting vulnerability regarding the attached file name CWE-79 -...
Econosys System Php_Mailform 跨站脚本漏洞
Econosys System PhpMailform is a customizable open source Php mail form from Econosys System, Japan. A cross-site scripting vulnerability exists in econosys system phpmailform, which stems from insufficient cleanup of user-supplied data in attached filenames. A remote attacker could trick a victi...
CVE-2020-5553
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2020-5553
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2020-5552
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2020-5552
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2020-5553
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...
CVE-2020-5552
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2020-5553
CVE-2020-5553 affects mailform version 1.04 (keitai-site.net) and is a PHP script that allows remote arbitrary PHP code execution on the server. Root cause is a PHP code execution vulnerability (CWE-94); impact is remote compromise of confidentiality, integrity, and availability as described in t...
CVE-2020-5552
CVE-2020-5552 concerns the mailform PHP script by keitai-site.net, specifically version 1.04. The connected sources describe a stored cross-site scripting (CWE-79) vulnerability that can inject arbitrary script or HTML, potentially executing in the administrator’s browser when they access a site ...