Lucene search
K

21 matches found

NVD
NVD
added 2026/05/10 1:16 p.m.23 views

CVE-2021-47926

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/10 12:43 p.m.37 views

CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS

Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...

6.4CVSS0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.8 views

WordPress Plugin Contact Form to Email 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.4CVSS5.7AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2011-3233

Malware in sbrugna...

7.5CVSS7.5AI score0.01103EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:29 a.m.14 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.8CVSS6.9AI score0.00402EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.9 views

CVE-2021-38154

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

7.5CVSS6.7AI score0.04EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/01/24 11:47 a.m.7 views

WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Roby Firnando Yusuf in WordPress Plugin Contact Form Email versions = 1.3.52...

5.9CVSS6.1AI score0.00303EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/26 12:0 a.m.7 views

PT-2024-35413 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Mattermost versions 9.7.x through 9.7.1 Description: The issue arises from the failure to check if the email signup...

4.3CVSS7.4AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/23 4:58 p.m.35 views

CVE-2024-5143

A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...

6.6AI score0.00402EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/03/15 12:0 a.m.53 views

Ubuntu 16.04 ESM / 18.04 ESM : PHPMailer vulnerability (USN-5956-2)

The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5956-2 advisory. USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Tenabl...

9.8CVSS7AI score0.99714EPSS
Exploits61References2
CNVD
CNVD
added 2020/03/19 12:0 a.m.4 views

Multiple Lexmark Product Information Disclosure Vulnerabilities (CNVD-2020-41824)

Lexmark X, etc. are all products of Lexmark Corporation, U.S.A. The Lexmark X is an X-series printer.The Lexmark W is a W-series printer.The Lexmark T is a T-series printer. An information disclosure vulnerability exists in a number of Lexmark products, which can be exploited to obtain sensitive...

7.5CVSS6.2AI score0.01103EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/03/09 6:11 p.m.22 views

CVE-2011-3269

Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut...

7.2AI score0.01103EPSS
Exploits0References1
CVE
CVE
added 2020/03/09 6:11 p.m.82 views

CVE-2011-3269

CVE-2011-3269 affects Lexmark X, W, T, E, C, 6500e, and 25xxN printers. The issue is a information disclosure via a hidden email address in a Scan To Email shortcut, enabling attackers to obtain sensitive information. The connected documents corroborate the affected models and the disclosure vect...

7.5CVSS7.2AI score0.01103EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2020/03/05 10:9 p.m.100 views

Cross-site scripting in PHPMailer

PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...

6.1CVSS0.4AI score0.024EPSS
Exploits1References9Affected Software1
CNVD
CNVD
added 2019/10/12 12:0 a.m.8 views

WordPress contact-form-to-email plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-to-email is a plugin used to send contact form information to an email address. A cross-site request forgery vulnerabilit...

8.8CVSS6.5AI score0.00681EPSS
Exploits1References1
CVE
CVE
added 2019/08/13 4:46 p.m.59 views

CVE-2018-20963

CVE-2018-20963 affects the WordPress plugin contact-form-to-email , versions prior to 1.2.66. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-side data in the plugin, enabling an attacker to execute arbitrary script in a victim’s browser. Public ...

6.1CVSS6.4AI score0.00915EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2017/07/20 11:29 p.m.21 views

CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1CVSS6AI score0.024EPSS
Exploits1References6
OSV
OSV
added 2017/07/20 11:29 p.m.5 views

UBUNTU-CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1CVSS6.7AI score0.024EPSS
Exploits1References6
Prion
Prion
added 2017/07/20 11:29 p.m.33 views

Cross site scripting

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

4.3CVSS6.1AI score0.024EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2017/07/20 11:29 p.m.3 views

DEBIAN-CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

6.1CVSS6.2AI score0.024EPSS
Exploits1References1
Rows per page
Query Builder