42 matches found
CVE-2024-24836
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...
PT-2025-21285 · Weberp · Weberp
Name of the Vulnerable Software and Affected Versions: WebERP version 4.15.2 Description: An error-based SQL Injection SQLi vulnerability allows attackers to execute arbitrary SQL commands and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to...
PT-2024-33061
Name of the Vulnerable Software and Affected Versions Cloudlog version 2.6.15 Description The issue concerns an SQL injection vulnerability in Cloudlog's Oqrs.php request form, which can be exploited via the station id or callsign variables. This vulnerability allows attackers to manipulate the S...
Cloudlog 安全漏洞
Cloudlog is a self-hosted PHP application by the individual developer Peter Goodhall. Allows logging of amateur radio contacts from anywhere. A security vulnerability exists in Cloudlog version 2.6.15, which stems from the stationid parameter in the requestform function of the Oqrs.php page...
CVE-2024-24836
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...
CVE-2024-24836
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...
CVE-2024-24836 WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS.This issue affects GDPR Data Request Form: from n/a through 1.6...
CVE-2024-24836
CVE-2024-24836 is a stored XSS vulnerability in the Audrasjb GDPR Data Request Form WordPress plugin, affecting versions up to 1.6. The root cause is improper input neutralization during web page generation, enabling insertion of malicious scripts that are stored and later rendered to users. Mult...
PT-2024-20603 · Unknown · Audrasjb Gdpr Data Request Form
Name of the Vulnerable Software and Affected Versions: Audrasjb GDPR Data Request Form versions n/a through 1.6 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can inject...
WordPress Plugin GDPR Data Request Form Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress GDPR Data Request Form Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS)
Software GDPR Data Request Form Type Plugin Vulnerable versions = 1.6 Fixed in 1.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-24836 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7fd021f643aa Credits Ngô Thiên An ancorn from VNPT-VCI...
python-werkzeug: high resource usage when parsing multipart form data with many fields
A flaw was found in python-werkzeug. Werkzeug is multipart form data parser, that will parse an unlimited number of parts, including file parts. These parts can be a small amount of bytes, but each requires CPU time to parse, and may use more memory as Python data. If a request can be made to an...
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly credentialed and experienced...
Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...
Request a Quote <= 2.3.7 - CSV Injection
The plugin does not validate uploaded CSV files, allowing unauthenticated users to attach a malicious CSV file to a quote, which could lead to a CSV injection once an admin download and open it On a page with a Quote Request form, upload the following CSV as an attachment: "First Name","Last...
CVE-2021-33988
Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...
CVE-2021-33988
Cross Site Scripting XSS. vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form...
Microweber 跨站脚本漏洞
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber CMS version 1.2.7, which can be exploited ...
Unauthorized Access Vulnerability in Kaixin Account Privilege Request Forms
The QSI Employee Account Privilege Request Form is a system for managing account privileges. An unauthorized access vulnerability exists in the Kaixin Account Privilege Request Form, which can be exploited by an attacker to obtain sensitive information about the system...