Lucene search
K

149 matches found

OSV
OSV
added 2022/09/08 8:15 a.m.5 views

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...

5.9CVSS5.8AI score0.01244EPSS
Exploits1References4
Prion
Prion
added 2022/09/08 8:15 a.m.16 views

Input validation

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...

2.6CVSS5.7AI score0.01244EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/09/08 7:10 a.m.56 views

CVE-2022-38400

CVE-2022-38400 affects Mailform Pro CGI 4.3.1 and earlier. The root cause is the Thanks module saving user input data for a short window (default 30 seconds), enabling a remote unauthenticated attacker to access a specially crafted URL and disclose user input data. Impact is information disclosur...

5.9CVSS5.7AI score0.01244EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2022/09/08 7:10 a.m.27 views

CVE-2022-38400

Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a use of the product to access a specially crafted URL...

5.9AI score0.01244EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2022/09/08 12:0 a.m.4 views

PT-2022-24408 · Unknown · Mailform Pro Cgi

Name of the Vulnerable Software and Affected Versions: Mailform Pro CGI versions 4.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to obtain user input data by accessing a specially crafted URL. Recommendations: For Mailform Pro CGI versions 4.3.1 and earlier, at t...

5.9CVSS5.6AI score0.01244EPSS
Exploits1References8
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/05 6:22 a.m.1 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulerability, it is...

5.9CVSS6.1AI score0.01244EPSS
Exploits1References7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/09/05 12:0 a.m.34 views

JVN#34205166: SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure

Mailform Pro CGI provided by SYNCK GRAPHICA contains an information disclosure vulnerability CWE-200. Thanks module of this product saves user input data for a certain period of time. The time is set to 30 seconds by default in configs/thanks.cgi file. To exploit this vulnerability, it is require...

5.9CVSS5.5AI score0.01244EPSS
Exploits1
CNNVD
CNNVD
added 2022/09/05 12:0 a.m.4 views

SYNCK GRAPHICA Mailform Pro CGI 信息泄露漏洞

SYNCK GRAPHICA Mailform Pro CGI is a mail form from SYNCK GRAPHICA Japan. It can be used as a multiple transmission, questionnaire form, and application form. A security vulnerability exists in SYNCK GRAPHICA Mailform Pro CGI prior to version 4.3.1, which stems from the Thanks module saving user...

5.9CVSS5.3AI score0.01244EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2022/02/08 11:15 a.m.7 views

CVE-2022-22142

Reflected cross-site scripting vulnerability in the checkbox of phpmailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors...

6.1CVSS6.4AI score0.00955EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2022/01/20 6:42 a.m.2 views

Multiple cross-site scripting vulnerabilities in php_mailform

Overview phpmailform provided by econosys system contains multiple cross-site scripting vulnerabilities listed below. Reflected cross-site scripting vulnerability regarding the checkbox CWE-79 - CVE-2022-22142 Reflected cross-site scripting vulnerability regarding the attached file name CWE-79 -...

6.1CVSS6.2AI score0.00955EPSS
Exploits0References7
CNNVD
CNNVD
added 2022/01/20 12:0 a.m.4 views

Econosys System Php_Mailform 跨站脚本漏洞

Econosys System PhpMailform is a customizable open source Php mail form from Econosys System, Japan. A cross-site scripting vulnerability exists in econosys system phpmailform, which stems from insufficient cleanup of user-supplied data in attached filenames. A remote attacker could trick a victi...

6.1CVSS6.4AI score0.00955EPSS
Exploits0References4
OSV
OSV
added 2020/03/25 2:15 a.m.3 views

CVE-2020-5553

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

9.8CVSS7.5AI score0.02274EPSS
Exploits0References1
NVD
NVD
added 2020/03/25 2:15 a.m.10 views

CVE-2020-5553

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

10CVSS9.8AI score0.02274EPSS
Exploits0References1
NVD
NVD
added 2020/03/25 2:15 a.m.10 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS6.1AI score0.00773EPSS
Exploits0References1
OSV
OSV
added 2020/03/25 2:15 a.m.5 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1CVSS5.9AI score0.00773EPSS
Exploits0References1
Prion
Prion
added 2020/03/25 2:15 a.m.10 views

Cross site scripting

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS6AI score0.00773EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/03/25 1:25 a.m.13 views

CVE-2020-5553

mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors...

9.9AI score0.02274EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/25 1:25 a.m.12 views

CVE-2020-5552

Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

6.1AI score0.00773EPSS
Exploits0References1
CVE
CVE
added 2020/03/25 1:25 a.m.46 views

CVE-2020-5553

CVE-2020-5553 affects mailform version 1.04 (keitai-site.net) and is a PHP script that allows remote arbitrary PHP code execution on the server. Root cause is a PHP code execution vulnerability (CWE-94); impact is remote compromise of confidentiality, integrity, and availability as described in t...

10CVSS9.7AI score0.02274EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/03/25 1:25 a.m.47 views

CVE-2020-5552

CVE-2020-5552 concerns the mailform PHP script by keitai-site.net, specifically version 1.04. The connected sources describe a stored cross-site scripting (CWE-79) vulnerability that can inject arbitrary script or HTML, potentially executing in the administrator’s browser when they access a site ...

6.1CVSS6AI score0.00773EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder