21 matches found
CVE-2021-47926
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...
CVE-2021-47926 WordPress Contact Form to Email 1.3.24 Stored XSS
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name field. Attackers can craft form names containing JavaScript code that executes when other logged-in...
WordPress Plugin Contact Form to Email 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
EUVD-2011-3233
Malware in sbrugna...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2021-38154
Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...
WordPress Contact Form to Email Plugin <= 1.3.52 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Roby Firnando Yusuf in WordPress Plugin Contact Form Email versions = 1.3.52...
PT-2024-35413 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 8.1.x through 8.1.12 Mattermost versions 9.5.x through 9.5.3 Mattermost versions 9.6.x through 9.6.1 Mattermost versions 9.7.x through 9.7.1 Description: The issue arises from the failure to check if the email signup...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
Ubuntu 16.04 ESM / 18.04 ESM : PHPMailer vulnerability (USN-5956-2)
The remote Ubuntu 16.04 ESM / 18.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5956-2 advisory. USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Tenabl...
Multiple Lexmark Product Information Disclosure Vulnerabilities (CNVD-2020-41824)
Lexmark X, etc. are all products of Lexmark Corporation, U.S.A. The Lexmark X is an X-series printer.The Lexmark W is a W-series printer.The Lexmark T is a T-series printer. An information disclosure vulnerability exists in a number of Lexmark products, which can be exploited to obtain sensitive...
CVE-2011-3269
Lexmark X, W, T, E, C, 6500e, and 25xxN devices before 2011-11-15 allow attackers to obtain sensitive information via a hidden email address in a Scan To Email shortcut...
CVE-2011-3269
CVE-2011-3269 affects Lexmark X, W, T, E, C, 6500e, and 25xxN printers. The issue is a information disclosure via a hidden email address in a Scan To Email shortcut, enabling attackers to obtain sensitive information. The connected documents corroborate the affected models and the disclosure vect...
Cross-site scripting in PHPMailer
PHPMailer versions prior to 5.2.24 released July 26th 2017 have an XSS vulnerability in one of the code examples, CVE-2017-11503. The codegenerator.phps example did not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it i...
WordPress contact-form-to-email plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. contact-form-to-email is a plugin used to send contact form information to an email address. A cross-site request forgery vulnerabilit...
CVE-2018-20963
CVE-2018-20963 affects the WordPress plugin contact-form-to-email , versions prior to 1.2.66. The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient validation of client-side data in the plugin, enabling an attacker to execute arbitrary script in a victim’s browser. Public ...
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
UBUNTU-CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
Cross site scripting
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...
DEBIAN-CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...