8 matches found
CVE-2026-0753
The Super Simple Contact Form plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sscfname' parameter in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2026-0753
Product affected: WordPress plugin “Super Simple Contact Form” (WP repository plugin). Vulnerability: Reflected Cross-Site Scripting via the request parameter sscf_name . Root cause: Insufficient input sanitization and output escaping in all versions up to and including 1.6.2. Impact: Unauthentic...
WordPress plugin Super Simple Contact Form 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2010-5038
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...
Remote file inclusion
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...
CVE-2010-5038
PHP remote file inclusion vulnerability in contact/contact.php in Groone's Simple Contact Form allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter...
CVE-2010-5038
The CVE-2010-5038 entry describes a PHP remote file inclusion vulnerability in Groone’s Simple Contact Form, specifically in contact/contact.php. The issue allows an attacker to cause arbitrary PHP code execution by supplying a malicious URL in the abspath parameter. Affected software component: ...
Cross site scripting
Cross-site scripting XSS vulnerability in sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html in MitriDAT eMail Form Processor Pro allows remote attackers to inject arbitrary web script or HTML via the basepath parameter, possibly related to 1 formprocessorpro.php ...