3940 matches found
CVE-2024-24309
In the module "Survey TMA" ecomizsurveytma up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction...
CVE-2024-24309
CVE-2024-24309 affects the Ecomiz Survey TMA module for PrestaShop, up to version 2.0.0. The Red Hat/NVD entries and related advisories describe a design/logic flaw in Survey TMA that allows a guest to download personal information without restriction, constituting an information disclosu...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in Ecomiz for PrestaShop 2.0.0 and prior versions, which originated from a...
PT-2024-20350 · Prestashop · Ecomiz Survey Tma Module
Name of the Vulnerable Software and Affected Versions: Ecomiz Survey TMA module for PrestaShop versions up to 2.0.0. Description: A guest can download personal information without restriction in the affected module. Recommendations: For versions up to 2.0.0, update to a version later than 2.0.0 to...
CVE-2023-51534
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
CVE-2023-51534 WordPress Brave Popup Builder Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Brave Brave – Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS. This issue affects Brave – Create Popup, Optins, Lead Generation, Survey, Sticky...
CVE-2024-21796
Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on t...
XXE
Electronic Deliverables Creation Support Tool Construction Edition prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool Design & Survey Edition prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on t...
PT-2024-19063 · Unknown · Electronic Deliverables Creation Support Tool
Name of the Vulnerable Software and Affected Versions: Electronic Deliverables Creation Support Tool Construction Edition versions prior to 1.0.4; Electronic Deliverables Creation Support Tool Design & Survey Edition versions prior to 1.0.4. Description: The issue is related to the improper...
JVN#40049211: Improper restriction of XML external entity references (XXE) in Electronic Deliverables Creation Support Tool provided by Ministry of Defense
Electronic Deliverables Creation Support Tool provided by Ministry of Defense improperly restricts XML external entity references (XXE) (CWE-611). Impact: Processing a specially crafted XML file may lead to exposure of internal files on the system. Solution: Update the Software. Update the software to t...
CVE-2024-0721
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to...
CVE-2024-0721
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to...
Cross site scripting
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to...
CVE-2024-0721 Jspxcms Survey Label cross site scripting
A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to...
Jspxcms cross-site scripting vulnerability
Jspxcms is a scalable enterprise-class open source web content management system (CMS). Jspxcms version 10.2.0 has a cross-site scripting vulnerability that stems from the Survey Label Handler component's lack of effective filtering and escaping of user-supplied data; an attacker can exploit t...
PT-2024-15780 · Jspxcms · Jspxcms
Name of the Vulnerable Software and Affected Versions: Jspxcms version 10.2.0. Description: A vulnerability has been found in the Survey Label Handler component, which can be exploited to lead to cross site scripting. The attack can be launched remotely. The manipulation of an unknown functionalit...
Cross site scripting
The Contact Form, Survey & Popup Form Plugin for WordPress – ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arfhttpreferrerurl’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This...
Surging JavaScript Threats Steal Your Secrets
Summary: The threat actors utilize malicious JavaScript samples, taking advantage of popular survey sites, low-quality hosting, and web chat APIs to steal sensitive information. They create chatbots registered under notable figures, like an Australian footballer, in specific campaigns...
WordPress Quiz And Survey Master Plugin <= 8.1.18 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quiz And Survey Master; Type: Plugin; Vulnerable versions: <= 8.1.18; Fixed in: 8.1.19; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-51521; Patch priority: Low; CVSS severity: Low (5.4); PSID: cab7ecf5313a; Credits: Brandon...