4 matches found
CVE-2022-50684
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50684
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
CVE-2022-50684 Kentico Xperience <= 13.0.71 Form Emails HTML Injection
An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...
PT-2024-40089 · Silverstripe · Silverstripe-Secureassets +1
Name of the Vulnerable Software and Affected Versions: silverstripe-userforms versions prior to 3.0.0 silverstripe-userforms version 3.0.0 when used with silverstripe-secureassets module Description: The issue allows CMS administrators to create public-facing forms with file upload abilities, whi...