2 matches found
CVE-2022-21805
CVE-2022-21805 is a reflected XSS vulnerability in php_mailform prior to v1.40. The issue stems from insufficient cleanup of user-supplied data in the attached file name, enabling a remote unauthenticated attacker to inject arbitrary scripts via unspecified vectors and potentially execute in a vi...
CVE-2022-22142
CVE-2022-22142 describes a reflected XSS in the checkbox handling of php_mailform prior to version 1.40. The root cause is insufficient cleaning of user-supplied data in checkboxes, allowing a remote, unauthenticated attacker to inject arbitrary script via crafted requests (unspecified vectors). ...