Lucene search

129 matches found

Cvelist
added 2025/03/28 11:54 a.m. · 16 views

CVE-2025-31434 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms (formlift) allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.19...

CVSS 6.5 · EPSS 0.00193
Exploits 0 · References 1

RedhatCVE
added 2025/02/06 2:23 a.m. · 15 views

CVE-2025-22504

Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms (4ecps-webforms) allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18...

CVSS 10 · AI score 7.2 · EPSS 0.00468
Exploits 0 · References 1

CVE
added 2025/01/09 3:39 p.m. · 83 views

CVE-2025-22504

CVE-2025-22504 involves the 4ECPS Web Forms plugin. It is an Unrestricted Upload of File with Dangerous Type vulnerability that permits uploading a web shell to the server. Public details indicate affected software: 4ECPS Web Forms versions from unspecified start to 0.2.18. The CVE is linked to a...

CVSS 10 · AI score 7.2 · EPSS 0.00468
Exploits 0 · References 1

CNNVD
added 2025/01/09 12:0 a.m. · 4 views

WordPress plugin 4ECPS Web Forms code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...

CVSS 10 · AI score 8.8 · EPSS 0.00468
Exploits 0 · References 1

Patchstack
added 2025/01/07 1:55 p.m. · 7 views

WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability

Arbitrary File Upload vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin 4ECPS Web Forms versions <= 0.2.18...

CVSS 10 · AI score 7 · EPSS 0.00468
Exploits 0 · Affected Software 1

RedHat Linux
added 2024/12/11 4:20 p.m. · 10 views

php: Erroneous parsing of multipart form data

A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...

CVSS 5.3 · AI score 5.7 · EPSS 0.00947
Exploits 1 · References 6

Japan Vulnerability Notes
added 2024/09/09 12:0 a.m. · 20 views

JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting

WordPress Plugin "Forminator" provided by WPMU DEV assists building web forms. When accessing the page including the web form created with Forminator, some information from the URL may be embedded to the web form. This feature processes the embedded information improperly, leading to cross-site...

CVSS 6.1 · AI score 6.3 · EPSS 0.0041
Exploits 0

OSV
added 2024/07/22 11:15 a.m. · 3 views

CVE-2024-38773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.8 · AI score 5.8 · EPSS 0.02004
Exploits 0 · References 1

NVD
added 2024/07/22 11:15 a.m. · 30 views

CVE-2024-38773

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.8 · EPSS 0.02004
Exploits 0 · References 1

CVE
added 2024/07/22 10:7 a.m. · 54 views

CVE-2024-38773

CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (

CVSS 9.8 · AI score 9.7 · EPSS 0.02004
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2024/07/22 10:7 a.m. · 33 views

CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...

CVSS 9.3 · EPSS 0.02004
Exploits 0 · References 1

Positive Technologies
added 2024/07/22 12:0 a.m. · 6 views

PT-2024-28209

Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions n/a through 7.5.17 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to improper neutralization of special elements used in an SQL command...

CVSS 9.8 · AI score 5.6 · EPSS 0.02004
Exploits 0 · References 5

Patchstack
added 2024/07/19 12:0 a.m. · 10 views

WordPress FormLift for Infusionsoft Web Forms Plugin <= 7.5.17 is vulnerable to SQL Injection

Software: FormLift for Infusionsoft Web Forms; Type: Plugin; Vulnerable versions: <= 7.5.17; Fixed in: 7.5.18; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38773; Patch priority: High; CVSS severity: High 9.3; Developer: Claim ownership; PSID: d19e614d84b5; Credits: Asif Wani; Required...

CVSS 9.8 · AI score 7.2 · EPSS 0.02004
Exploits 0 · References 2 · Affected Software 1

NVD
added 2024/05/28 9:16 p.m. · 22 views

CVE-2024-35239

Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...

CVSS 5.4 · AI score 3.7 · EPSS 0.00341
Exploits 0 · References 5

CNVD
added 2024/03/20 12:0 a.m. · 4 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15359)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 · AI score 5.3 · EPSS 0.00418
Exploits 0 · References 1

Positive Technologies
added 2023/10/04 12:0 a.m. · 6 views

PT-2023-13469 · Tcman Gim · Tcman Gim

Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1 Description: The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persisten...

CVSS 6.5 · AI score 6.1 · EPSS 0.00331
Exploits 0 · References 3

NVD
added 2023/06/11 2:15 p.m. · 26 views

CVE-2023-22583

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...

CVSS 10 · AI score 10 · EPSS 0.00755
Exploits 0 · References 4

Prion
added 2023/06/11 2:15 p.m. · 19 views

SQL injection

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...

CVSS 7.5 · AI score 9.8 · EPSS 0.00755
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/06/11 1:17 p.m. · 10 views

CVE-2023-22583 SQL Injection in Danfoss AK-EM100

The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...

CVSS 10 · AI score 8.3 · EPSS 0.00755
Exploits 0 · References 2

CVE
added 2023/06/11 1:17 p.m. · 44 views

CVE-2023-22583

CVE-2023-22583 affects the Danfoss AK-EM100 web-forms login functionality. The issue is an SQL injection vulnerability in the login forms, enabling potential unauthorized data access or manipulation. The core details across connected documents confirm the affected software (Danfoss AK-EM100 web i...

CVSS 10 · AI score 10 · EPSS 0.00755
Exploits 0 · References 4 · Affected Software 1