Vulmon
forms project forms vulnerabilities and exploits
4.3
CVSSv2
CVE-2021-3340
A cross-site scripting (XSS) vulnerability in many forms of Wikindx prior to 5.7.0 and 6.x up to and including 6.4.0 allows remote malicious users to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php.
Wikindx Project Wikindx
7.5
CVSSv2
CVE-2016-6175
Eval injection vulnerability in php-gettext 1.0.12 and previous versions allows remote malicious users to execute arbitrary PHP code via a crafted plural forms header.
Php-gettext Project Php-gettext
1 EDB exploit
1 Github repository
3.5
CVSSv2
CVE-2018-1000415
A cross-site scripting vulnerability exists in Jenkins Rebuilder Plugin 1.28 and previous versions in RebuildAction/BooleanParameterValue.jelly, RebuildAction/ExtendedChoiceParameterValue.jelly, RebuildAction/FileParameterValue.jelly, RebuildAction/LabelParameterValue.jelly, Rebu...
Rebuild Project Rebuild
6.5
CVSSv2
CVE-2020-11010
In Tortoise ORM prior to 0.15.23 and 0.16.6, various forms of SQL injection have been found for MySQL and when filtering or doing mass-updates on char/text fields. SQLite & PostgreSQL are only affected when filtering with contains, starts_with, or ends_with filters (and their...
Tortoise Orm Project Tortoise Orm
NA
CVE-2023-2869
The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-lev...
Wp-members Project Wp-members
4.3
CVSSv2
CVE-2014-4599
Multiple cross-site scripting (XSS) vulnerabilities in forms/search.php in the WP-Business Directory (wp-ttisbdir) plugin 1.0.2 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) edit, (2) search_term, (3) page_id, ...
Wp-business Directory Project Wp-business Directory
7.5
CVSSv2
CVE-2022-31056
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in...
Glpi-project Glpi
4.3
CVSSv2
CVE-2014-4583
Multiple cross-site scripting (XSS) vulnerabilities in forms/messages.php in the WP-Contact (wp-contact-sidebar-widget) plugin 1.0 and previous versions for WordPress allow remote malicious users to inject arbitrary web script or HTML via the (1) edit, (2) order_direction, (3) li...
Wp-contact Plugin Project Wp-contact-sidebar-widget
5
CVSSv2
CVE-2019-19729
An issue exists in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows a malicious user to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects _bsontype==ObjectI...
Bson-objectid Project Bson-objectid 1.3.0
7.5
CVSSv2
CVE-2022-1386
The Fusion Builder WordPress plugin prior to 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to inte...
Fusion Builder Project Fusion Builder
Theme-fusion Avada
4 Github repositories
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732