Lucene search
K

177 matches found

Patchstack
Patchstack
added 2019/03/05 12:0 a.m.19 views

WordPress Contact Form 7 Multi-Step Forms plugin <= 3.0.8 - Authenticated Option Update vulnerability (Fremius Library security issue)

Authenticated Option Update vulnerability Fremius Library security issue found in WordPress Contact Form 7 Multi-Step Forms plugin versions = 3.0.8. Solution Update the WordPress Contact Form 7 Multi-Step Forms plugin to the latest available version at least 3.0.9...

3.5AI score
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2019/02/18 12:0 a.m.30 views

WordPress Multi Step Form Plugin < 1.2.6 Multiple XSS Vulnerabilities

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

5.4CVSS6AI score0.01097EPSS
Exploits1References2
CNVD
CNVD
added 2018/12/24 12:0 a.m.4 views

WordPress Mondula Multi Step Form Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL servers to set up a personal blog site . Mondula Multi Step Form is used in one of the drag-and-drop form builder plugin . A cross-site scripting...

5.4CVSS6AI score0.01097EPSS
Exploits1References1
Prion
Prion
added 2018/12/20 11:29 p.m.19 views

Cross site scripting

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...

3.5CVSS5.3AI score0.01097EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2018/12/20 11:29 p.m.24 views

CVE-2018-14846

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...

5.4CVSS5.4AI score0.01097EPSS
Exploits1References3
CVE
CVE
added 2018/12/20 10:0 p.m.49 views

CVE-2018-14846

CVE-2018-14846 affects WordPress users of the Mondula Multi Step Form Plugin (pre-1.2.8). The vulnerability is a stored XSS via wp-admin/admin-ajax.php, as described in multiple sources (NVD, CNVD, CVE listings). The issue stems from improper input handling in the plugin’s AJAX endpoint, enabling...

5.4CVSS5.4AI score0.01097EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/12/20 10:0 p.m.28 views

CVE-2018-14846

The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php...

5.5AI score0.01097EPSS
Exploits1References3
Patchstack
Patchstack
added 2018/08/09 12:0 a.m.33 views

WordPress Multi Step Form plugin <= 1.2.5 - Multiple Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerabilities

Multiple Unauthenticated Reflected Cross-Site Scripting XSS vulnerabilities found by Javier Olmedo in WordPress Multi Step Form plugin versions = 1.2.5. Solution Update the plugin WordPress Multi Step Form plugin to the latest available version at least 1.2.6...

6.1CVSS2.3AI score0.01255EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2018/07/25 11:29 p.m.29 views

Design/Logic Flaw

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

4.3CVSS6.6AI score0.01255EPSS
Exploits2References2Affected Software1
NVD
NVD
added 2018/07/25 11:29 p.m.27 views

CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

6.1CVSS6.1AI score0.01255EPSS
Exploits2References2
Cvelist
Cvelist
added 2018/07/25 11:0 p.m.33 views

CVE-2018-14430

The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fwdata id1, fwdata id2, fwdata id3, fwdata id4, or email field of the contact form, exploitable with an fwsendemail action to wp-admin/admin-ajax.php...

6.7AI score0.01255EPSS
Exploits2References2
CVE
CVE
added 2018/07/25 11:0 p.m.52 views

CVE-2018-14430

The CVE-2018-14430 vulnerability affects the WordPress Mondula/Multi Step Form plugin and is described as a cross-site scripting (XSS) flaw in version 1.2.5 and earlier. The affected component is the Mondula Multi Step Form plugin for WordPress, with the root cause being XSS in input handling of ...

6.1CVSS6.2AI score0.01255EPSS
Exploits2References2Affected Software1
WPVulnDB
WPVulnDB
added 2018/07/20 12:0 a.m.35 views

Multi Step Form <= 1.2.5 - Multiple Unauthenticated Reflected XSS

WordPress Plugin Multi Step Form before 1.2.5 allows remote users to execute JavaScript code through Reflected XSS attacks. This issue can be exploited by unauthenticated attackers, by the use of CSRF, for example. PoC The following parameters are vulnerable in fwsenddata function: fwdataid1...

4.3CVSS0.01255EPSS
Exploits2References2Affected Software1
Drupal
Drupal
added 2018/05/09 12:0 a.m.8 views

Multi-Step Registration - Critical - Unsupported Module - SA-CONTRIB-2018-023

With Multi-Step Registration you can create multi-step wizard user account registration forms. The security team is marking this module unsupported. There is a known security issue with the module that has not been fixed by the maintainer. If you would like to maintain this module, please read:...

7.2AI score
Exploits0References2
OpenVAS
OpenVAS
added 2015/11/20 12:0 a.m.30 views

RedHat Update for sssd RHSA-2015:2355-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.5AI score0.03666EPSS
Exploits0References2
securityvulns
securityvulns
added 2010/03/16 12:0 a.m.54 views

...because you can&#39;t get enough of clickjacking

I promise to post something more interesting shortly - but in the meantime, I wanted to drop a quick note about something kinda amusing. There was a considerable amount of buzz around clickjacking 1 in the past year or so. It is commonly believed that this simple attack can only be realistically...

0.3AI score
Exploits0
CVE
CVE
added 2008/08/04 10:0 a.m.238 views

CVE-2003-1562

MODE C CVE-2003-1562 refers to a race condition in sshd/OpenSSH 3.6.1p2 and earlier, where with PermitRootLogin disabled and using PAM keyboard-interactive authentication, sshd does not insert a delay after a root password attempt. This timing discrepancy could enable remote attackers to infer wh...

7.6CVSS6.7AI score0.05573EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder