Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2000-1187
Buffer overflow in the HTML parser for Netscape 4.75 and previous versions allows remote malicious users to execute arbitrary commands via a long password value in a form field.
Netscape Communicator
Netscape Navigator
383
VMScore
CVE-2019-11033
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring.
Applaudsolutions Applaud Hcm 4.0.42\\+
383
VMScore
CVE-2021-21666
Jenkins Kiuwan Plugin 1.6.0 and previous versions does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Jenkins Kiuwan
383
VMScore
CVE-2020-2169
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and previous versions does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
Jenkins Queue Cleanup
445
VMScore
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
668
VMScore
CVE-2012-0801
lib/formslib.php in Moodle 2.1.x prior to 2.1.4 and 2.2.x prior to 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
383
VMScore
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Apache Struts 2.5.2
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.10.1
Apache Struts 2.5.8
1 Github repository
1 Article
NA
CVE-2023-41944
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and previous versions does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
Jenkins Aws Codecommit Trigger
312
VMScore
CVE-2018-11549
An issue exists in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
Wuzhicms Wuzhi Cms 4.1.0
605
VMScore
CVE-2019-1003007
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and previous versions in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP endpoint.
Jenkins Warnings
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »