6 matches found
EUVD-2025-36025
Missing Authorization vulnerability in clicksend SMS Contact Form 7 Notifications by ClickSend clicksend-contactform7 allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SMS Contact Form 7 Notifications by ClickSend: from n/a through <= 1.4.0...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getSuccessMessage field in the embedded message form container. An attacker can execute arbitrary JavaScript in the context of the affected application by submitting crafted input to this field. Details...
GHSA-VR7M-R9VM-M4WF PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Impact: The isCleanHtml method is not used on this form, which makes it possible to store an XSS in DB. The impact is low because the HTML is not interpreted in BO, thanks to Twig's escape mechanism. In FO, the XSS is effective, but only impacts the customer sending it, or the customer sessio...
CVE-2019-20212
The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form...
Phorum 3.4.x Message Form Field HTML Injection Variant Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7545/info An HTML injection issue has been reported which may lead to unauthorized code execution. It has been reported that it is possible to inject HTML or script code into the subject and other fields of a message in...
b2ePms 1.0 - Multiple SQL Injection Vulnerabilities
b2ePms 1.0 - Multiple SQL Injection Vulnerabilities Title: b2ePMS 1.0 multiple SQLi Vulnerabilities Version: 1.0 Author/Found by: loneferret Manufacturer/Software link: https://developer.berlios.de/projects/b2epms/ Other vulnerability: http://www.exploit-db.com/exploits/18882/ Date found: May 27t...