9 matches found

RedhatCVE
added 2025/11/28 8:8 p.m. | 5 views

CVE-2025-64515

Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

4.3 CVSS | 6.8 AI score | 0.00229 EPSS
Exploits 0 | References 1
CVE
added 2025/11/18 10:39 p.m. | 9 views

CVE-2025-64515

Open Forms (Open Formulieren) is affected prior to versions 3.2.7 and 3.3.3 where prefill data fields that are dynamically set to readonly/disabled could be tampered with by malicious users. The underlying issue is that these fields can be modified despite a UI restriction, enabling data tamperin...

4.3 CVSS | 6.4 AI score | 0.00229 EPSS
Exploits 0 | References 3 | Affected Software 1
Cvelist
added 2025/11/18 10:39 p.m. | 8 views

CVE-2025-64515 Open Forms prefill data in read-only components can be tampered

Open Forms allows users to create and publish smart forms. Prior to versions 3.2.7 and 3.3.3, forms where the prefill data fields are dynamically set to readonly/disabled can be modified by malicious users deliberately trying to modify data they're not supposed to. For regular users, the form fields...

4.3 CVSS | 0.00229 EPSS
Exploits 0 | References 3
Cvelist
added 2025/11/06 9:50 p.m. | 5 views

CVE-2024-12125 3scale-porta: readonly fields not validated server-side

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...

7.5 CVSS | 0.00218 EPSS
Exploits 0 | References 2
Vulnrichment
added 2025/11/06 9:50 p.m. | 3 views

CVE-2024-12125 3scale-porta: readonly fields not validated server-side

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information...

7.5 CVSS | 6.2 AI score | 0.00218 EPSS
Exploits 0 | References 2
SUSE CVE
added 2023/02/15 5:20 a.m. | 4 views

SUSE CVE-2015-2241

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property...

4.3 CVSS | 5.7 AI score | 0.02052 EPSS
Exploits 1 | References 3
CNVD
added 2015/03/13 12:0 a.m. | 2 views

Django Cross-Site Scripting Vulnerability (CNVD-2015-01672)

Django is an open source Web application framework from the Django Software Foundation, written in the Python language. The framework includes an object-oriented mapper, view system, template system and so on. A cross-site scripting vulnerability exists in the 'contents' function in the admin/helpers.py fil...

4.3 CVSS | 5.9 AI score | 0.02052 EPSS
Exploits 1 | References 1
OSV
added 2015/03/12 2:59 p.m. | 3 views

DEBIAN-CVE-2015-2241

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property...

4.3 CVSS | 5.7 AI score | 0.02052 EPSS
Exploits 1 | References 1
PyPA
added 2015/03/12 2:59 p.m. | 4 views

PYSEC-2015-8

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property...

4.3 CVSS | 6 AI score | 0.02052 EPSS
Exploits 1 | References 5 | Affected Software 1