129 matches found
CVE-2023-22583 SQL Injection in Danfoss AK-EM100
The Danfoss AK-EM100 web forms allow for SQL injection in the login forms...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-44628
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
CVE-2022-44628
CVE-2022-44628 affects the WordPress 4ECPS Web Forms plugin (versions
CVE-2022-44628 WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in JumpDEMAND Inc. 4ECPS Web Forms plugin = 0.2.17 on WordPress...
WordPress Plugin Web Forms 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
4ECPS Web Forms <= 0.2.17 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2022-27270 · WordPress · 4Ecps Web Forms
Name of the Vulnerable Software and Affected Versions: 4ECPS Web Forms plugin versions 0.2.17 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. It affects the 4ECPS Web Forms plugin on WordPress...
WordPress 4ECPS Web Forms plugin <= 0.2.17 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Hoang Van Hiep aka sk4rl1ghT Patchstack Alliance in WordPress 4ECPS Web Forms plugin versions = 0.2.17. Solution Update the WordPress 4ECPS Web Forms plugin to the latest available version at least 0.2.18...
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
CVE-2022-41479
CVE-2022-41479 affects DevExpress ASP.NET Web Forms Build v19.2.3. The DevExpress Resource Handler (ASPxHttpHandlerModule) does not verify objects referenced by the /DXR.axd?r= HTTP GET parameter, causing an Insecure Direct Object References (IDOR) that can expose the application source code (ven...
PT-2022-25884 · Devexpress · Devexpress Asp.Net
Name of the Vulnerable Software and Affected Versions: DevExpress ASP.NET Web Forms Build version 19.2.3 Description: The DevExpress Resource Handler ASPxHttpHandlerModule does not verify the referenced objects in the "/DXR.axd?r=" HTTP GET parameter. This leads to an Insecure Direct Object...
CVE-2022-41479
The DevExpress Resource Handler ASPxHttpHandlerModule in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References IDOR vulnerability which allows attackers to access the application...
DevExpress ASP.NET Web Forms 安全漏洞
DevExpress ASP.NET Web Forms is a Web Forms control from DevExpress, USA. A security vulnerability exists in DevExpress ASP.NET Web Forms Build v19.2.3. An attacker can exploit the vulnerability to gain access to the application's source code...
Do You Know If Your Web Forms Are Secure?
By Owais Sultan Knowing if your forms are secure is a tricky one. Do you know if your front door is… This is a post from HackRead.com Read the original post: Do You Know If Your Web Forms Are Secure?...
GamePress <= 1.1.0 - Reflected Cross-Site Scripting
The plugin does not escape the opedit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues Affected pages: op=engines, op=perspectives, op=modes, op=genres, op=themes, op=platforms alert'xss'" document.test.submit;...
CVE-2021-32697
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
CVE-2021-32697
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
Design/Logic Flaw
neos/forms is an open source framework to build web forms. By crafting a special GET request containing a valid form state, a form can be submitted without invoking any validators. Form state is secured with an HMAC that is still verified. That means that this issue can only be exploited if Form...
CVE-2021-32697
The CVE-2021-32697 issue affects the Neos Form framework (neos/forms) where a crafted GET request with a valid form state can submit a form without triggering validators. The form state is protected by an HMAC that is still verified, so exploitation requires that Form Finishers may run actions ev...