129 matches found
CVE-2025-31434 WordPress FormLift for Infusionsoft Web Forms plugin <= 7.5.19 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through <= 7.5.19...
CVE-2025-22504
Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms 4ecps-webforms allows Upload a Web Shell to a Web Server. This issue affects 4ECPS Web Forms: from n/a through <= 0.2.18...
CVE-2025-22504
CVE-2025-22504 involves the 4ECPS Web Forms plugin. It is an Unrestricted Upload of File with Dangerous Type vulnerability that permits uploading a web shell to the server. Public details indicate affected software: 4ECPS Web Forms versions from unspecified start to 0.2.18. The CVE is linked to a...
WordPress plugin 4ECPS Web Forms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. A code issue...
WordPress 4ECPS Web Forms Plugin <= 0.2.18 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin 4ECPS Web Forms versions <= 0.2.18...
php: Erroneous parsing of multipart form data
A flaw was found in PHP's parsing of multipart form data contents, which affects both file and input form data. This may lead to legitimate data not being processed, violating data integrity. For example, if a multipart form data payload contains a valid prefix 'X' of the defined boundary B such...
JVN#65724976: WordPress Plugin "Forminator" vulnerable to cross-site scripting
WordPress Plugin "Forminator" provided by WPMU DEV assists in building web forms. When accessing a page that includes a web form created with Forminator, some information from the URL may be embedded in the web form. This feature processes the embedded information improperly, leading to cross-site...
CVE-2024-38773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
CVE-2024-38773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
CVE-2024-38773
CVE-2024-38773: WordPress FormLift for Infusionsoft Web Forms (
CVE-2024-38773 WordPress formlift plugin <= 7.5.17 - Unauthenticated Blind SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...
PT-2024-28209
Name of the Vulnerable Software and Affected Versions: FormLift for Infusionsoft Web Forms versions n/a through 7.5.17 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to improper neutralization of special elements used in an SQL command...
WordPress FormLift for Infusionsoft Web Forms Plugin <= 7.5.17 is vulnerable to SQL Injection
Software: FormLift for Infusionsoft Web Forms; Type: Plugin; Vulnerable versions: <= 7.5.17; Fixed in: 7.5.18; OWASP Top 10: A3: Injection; Classification: SQL Injection; CVE: CVE-2024-38773; Patch priority: High; CVSS severity: High (9.3); PSID: d19e614d84b5; Credits: Asif Wani; Required...
CVE-2024-35239
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be mitigated by configuring TitleAndDescription:AllowUnsafeHtmlRendering after upgrading to one of th...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-15359)
Adobe Experience Manager (AEM) is a content management solution from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2023-13469 · Tcman Gim · Tcman Gim
Name of the Vulnerable Software and Affected Versions: TCMAN GIM version 8.0.1 Description: The issue concerns the sReferencia, sDescripcion, txtCodigo, and txtDescripcion parameters in the "frmGestionStock.aspx" and "frmEditServicio.aspx" files, which could allow an attacker to perform persisten...
CVE-2023-22583
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
SQL injection
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2023-22583
CVE-2023-22583 affects the Danfoss AK-EM100 web-forms login functionality. The issue is an SQL injection vulnerability in the login forms, enabling potential unauthorized data access or manipulation. The core details across connected documents confirm the affected software (Danfoss AK-EM100 web i...