19 matches found
CVE-2023-40656
A reflected XSS vulnerability was discovered in the Quickform component for Joomla...
EUVD-2022-4333
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-1999022
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method,...
CVE-2023-40656
A reflected XSS vulnerability was discovered in the Quickform component for Joomla...
CVE-2023-40656
A reflected XSS vulnerability was discovered in the Quickform component for Joomla...
Cross site scripting
A reflected XSS vulnerability was discovered in the Quickform component for Joomla...
CVE-2023-40656
CVE-2023-40656 is a reflected XSS vulnerability in Joomla’s Quickform component. Across sources, the issue is described as a reflected XSS in Quickform, affecting Joomla extensions (notably plasma-web.ru listing) for versions 1.0.0–3.3.01. The CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A...
CVE-2023-40656 Extension - plasma-web.ru - Reflected XSS in Quickform component for Joomla 1.0.0-3.3.01
A reflected XSS vulnerability was discovered in the Quickform component for Joomla...
Joomla Security Breach
Joomla is an open source, cross-platform content management system (CMS) developed by the Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla, which originates from a reflected cross-site scripting vulnerability in the Quickform component...
quickform, , Other
Developer states exploit is "hack yourself" scenario...
MGASA-2019-0049 Updated php-pear-HTML_QuickForm package fixes security vulnerability
A vulnerability in the HTML_QuickForm package has been found which potentially allows remote code execution...
FreeBSD : moodle -- multiple vulnerabilities (074cb225-bb2d-11e8-90e1-fcaa147e860e)
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution; QuickForm library remote code vulnerability upstream; Boost theme - blog search GET parameter insufficiently filtered. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
moodle -- multiple vulnerabilities
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution; QuickForm library remote code vulnerability upstream; Boost theme - blog search GET parameter insufficiently filtered...
DEBIAN-CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's setOptions method, HTML_QuickForm_element's findValue method, HTML_QuickForm_element's prepareValue method. that can...
UBUNTU-CVE-2018-1999022
PEAR HTML_QuickForm version 3.2.14 contains an eval injection (CWE-95) vulnerability in HTML_QuickForm's getSubmitValue method, HTML_QuickForm's validate method, HTML_QuickForm_hierselect's setOptions method, HTML_QuickForm_element's findValue method, HTML_QuickForm_element's prepareValue method. that can...
Revive Adserver HTML_Quickform Library Security Bypass Vulnerability
Revive Adserver is an open source ad management system. The Revive Adserver HTML_Quickform library has a security vulnerability that allows remote attackers to use empty tokens to bypass the CSRF protection mechanism...
CVE-2013-2083
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request...
CVE-2013-2083
CVE-2013-2083 affects Moodle’s MoodleQuickForm implementation in lib/formslib.php. The issue arises from improper handling of a specific array-element syntax, allowing remote attackers to bypass form-data filtering via a crafted request. Affected are Moodle versions: 2.1.10 and earlier in the 2.1...
CVE-2011-4301
The CVE-2011-4301 issue affects Moodle’s Forms Library (MoodleQuickForm in lib/formslib.php) where the Forms API setConstant operation is not recognized. This allows remote attackers to submit unexpected form content by modifying constant field values. Affected versions are Moodle 1.9.x prior to ...