Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

a-form vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2007-2933
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and previous versions component for Joomla! allows remote malicious users to execute arbitrary SQL commands via the form_id parameter.
Phil-a-form Phil-a-form 1.2.0.0
NA
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions before 4.1.1 (for Movable Type 7 Series) and versions before 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated malicious user to inject an arbitrary script.
Ark-web A-form
5.5
CVSSv2
CVE-2011-2676
The A-Form and A-Form bamboo prior to 1.3.6 and 2.x prior to 2.0.3, and A-Form PC and PC/Mobile prior to 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors.
Ark-web A-formArk-web A-form 2.0.2Ark-web A-form PcArk-web A-form Pc MobileArk-web A-form Bamboo 2.0.2Ark-web A-form Bamboo 1.3.5
6.8
CVSSv2
CVE-2015-6965
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and previous versions for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) dele...
Creative-solutions Contact Form Generator
4.3
CVSSv2
CVE-2018-14951
The mail message display page in SquirrelMail up to and including 1.4.22 has XSS via a "<form action='data:text" attack.
Squirrelmail Squirrelmail
4.3
CVSSv2
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.
Django-epiceditor Project Django-epiceditor 0.2.3
5
CVSSv2
CVE-2000-0252
The dansie shopping cart application cart.pl allows remote malicious users to execute commands via a shell metacharacters in a form variable.
Craig Dansie Dansie Shopping Cart 3.0.4
NA
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and previous versions does not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Jenkins Fortify
4.6
CVSSv2
CVE-2001-0848
join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.
E-zone Media Fuse Talk
4.3
CVSSv2
CVE-2012-3566
Opera prior to 12.00 Beta allows user-assisted remote malicious users to cause a denial of service (application hang) via JavaScript code that changes a form before submission.
Opera Opera Browser 11.50Opera Opera Browser 10.63Opera Opera Browser 10.62Opera Opera Browser 10.10Opera Opera Browser 10.00Opera Opera Browser 9.61Opera Opera Browser 9.60Opera Opera Browser 9.27Opera Opera Browser 9.26Opera Opera Browser 9.25Opera Opera Browser 9.10Opera Opera Browser 9.02Opera Opera Browser 8.51Opera Opera Browser 8.50Opera Opera Browser 7.54Opera Opera Browser 7.22Opera Opera Browser 7.21Opera Opera Browser 6.1Opera Opera Browser 6.0Opera Opera Browser 5.0Opera Opera Browser 10.50Opera Opera Browser 8.53
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook