CVE-2024-6934

A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submissiontype=direct. The manipulation of the argument Form URL leads to cross site scripting. It is possible to initiate the attack...

PT-2024-37972 · Unknown · Form Tools

Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A problematic vulnerability has been found in Form Tools, affecting an unknown part of the file /admin/forms/add/step2.php?submission type=direct. The manipulation of the Form URL argument leads to...

YetiForceCrm 跨站脚本漏洞

YetiForceCrm is an open source Crm system from the Polish company YetiForce. A cross-site scripting vulnerability exists in versions of YetiForceCrm prior to 6.4.0, which stems from the undefined and unvalidated workflowModel-summary parameter on the Workflow module in Settings and is used direct...

mudaliarmatrimony.net XSS vulnerability

Open Bug Bounty ID: OBB-607987 Description| Value ---|--- Affected Website:| mudaliarmatrimony.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

spreadhub.com XSS vulnerability

Open Bug Bounty ID: OBB-601419 Description| Value ---|--- Affected Website:| spreadhub.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

t1nyc.net XSS vulnerability

Open Bug Bounty ID: OBB-537437 Description| Value ---|--- Affected Website:| t1nyc.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

campus virtual-lms (xss/SQL Injection) Multiple Vulnerabilities

No description provided by source. +-----------------------------------------------------------------------------+ LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Autor: Yasión Fecha: 12 jun 2009 +-----------------------------------------------------------------------------+...

Input validation

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange AX information is signed, which allows remote attackers to modify...

CVE-2011-4314

CVE-2011-4314 affects OpenID4Java, where AxMessage.java did not verify that Attribute Exchange (AX) data is signed. This allows a remote attacker to modify AX information during MITM without detection. The issue is present in OpenID4Java prior to 0.9.6 final and is used by products such as JBoss ...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Campus Virtual-LMS allow 1 remote attackers to hijack the authentication of arbitrary users for requests that terminate a session via login/logout.php, and might allow remote attackers to hijack the authentication of certain users via a ...

campus virtual-lms - Cross-Site Scripting SQL Injection

campus virtual-lms - Cross-Site Scripting SQL Injection +-----------------------------------------------------------------------------+ LMS: Campus Virtual-LMS WEB: http://campusvirtualcomputrade.cae.net Autor: Yasión Fecha: 12 jun 2009...