49 matches found
Cross site scripting
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...
CVE-2020-12635
WebForms Pro M2 extension for Magento 2 is affected by a cross-site scripting (XSS) vulnerability via the textarea field in versions prior to 2.9.17. Root cause reports indicate insufficient input validation on the client side. Impact is client-side code execution; exploit details are not provide...
CVE-2020-12635
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field...
PT-2020-13175 · Magento · Webforms Pro M2
Name of the Vulnerable Software and Affected Versions: WebForms Pro M2 extension for Magento 2 versions prior to 2.9.17
Description: A cross-site scripting (XSS) issue exists in the WebForms Pro M2 extension for Magento 2. The issue is related to the textarea field.
Recommendations: For versions...
CVE-2019-18925
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
CVE-2019-18924
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
Authentication flaw
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
Directory traversal
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
CVE-2019-18925
The records consistently identify an authentication bypass in Systematic IRIS WebForms 5.4, where “its functionalities can be accessed and used without any form of authentication.” Red Hat and NVD corroborate this as CVE-2019-18925, with a high/critical impact profile (CVSS v3.1: CRITICAL, base s...
CVE-2019-18924
CVE-2019-18924 affects IRIS WebForms 5.4. The root cause is a directory-traversal flaw: manipulating file-referencing variables with ../ and variations allows listing directories and checking for file existence. Exploitation or in-wild details are not provided in the connected documents. Remediat...
app.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-571526

Description | Value
---|---
Affected Website: | app.mailerlite.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
app.mailerlite.com XSS vulnerability
Open Bug Bounty ID: OBB-403288

Description | Value
---|---
Affected Website: | app.mailerlite.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention Chea...
Telerik Reporting for ASP.NET WebForms Report Viewer Control Cross-Site Scripting Vulnerability
Telerik Reporting for ASP.NET WebForms Report Viewer control is an ASP.NET-based report generation control developed by Telerik Inc. A cross-site scripting vulnerability exists in Telerik Reporting for ASP.NET WebForms Report Viewer control versions prior to Telerik ASP.NET WebForms Report Viewer...
CVE-2017-9140
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd...