Vulmon
a-form vulnerabilities and exploits
7.5
CVSSv2
CVE-2007-2933
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and previous versions component for Joomla! allows remote malicious users to execute arbitrary SQL commands via the form_id parameter.
Phil-a-form Phil-a-form 1.2.0.0
1 EDB exploit
NA
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions before 4.1.1 (for Movable Type 7 Series) and versions before 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated malicious user to inject an arbitrary script.
Ark-web A-form
5.5
CVSSv2
CVE-2011-2676
The A-Form and A-Form bamboo prior to 1.3.6 and 2.x prior to 2.0.3, and A-Form PC and PC/Mobile prior to 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
Ark-web A-form
Ark-web A-form 2.0.2
Ark-web A-form Pc
Ark-web A-form Pc Mobile
Ark-web A-form Bamboo 2.0.2
Ark-web A-form Bamboo 1.3.5
6.8
CVSSv2
CVE-2015-6965
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) dele...
Creative-solutions Contact Form Generator
1 EDB exploit
4.3
CVSSv2
CVE-2018-14951
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<form action='data:text" attack.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
Django-epiceditor Project Django-epiceditor 0.2.3
5
CVSSv2
CVE-2000-0252
The dansie shopping cart application cart.pl allows remote malicious users to execute commands via shell metacharacters in a form variable.
Craig Dansie Dansie Shopping Cart 3.0.4
NA
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and previous versions do not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Jenkins Fortify
4.6
CVSSv2
CVE-2001-0848
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
E-zone Media Fuse Talk
4.3
CVSSv2
CVE-2012-3566
Opera prior to 12.00 Beta allows user-assisted remote malicious users to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
Opera Opera Browser 11.50
Opera Opera Browser 10.63
Opera Opera Browser 10.62
Opera Opera Browser 10.10
Opera Opera Browser 10.00
Opera Opera Browser 9.61
Opera Opera Browser 9.60
Opera Opera Browser 9.27
Opera Opera Browser 9.26
Opera Opera Browser 9.25
Opera Opera Browser 9.10
Opera Opera Browser 9.02
Opera Opera Browser 8.51
Opera Opera Browser 8.50
Opera Opera Browser 7.54
Opera Opera Browser 7.22
Opera Opera Browser 7.21
Opera Opera Browser 6.1
Opera Opera Browser 6.0
Opera Opera Browser 5.0
Opera Opera Browser 10.50
Opera Opera Browser 8.53