Vulmon
a-form vulnerabilities and exploits
4.3
CVSSv2
CVE-2022-1694
The Useful Banner Manager WordPress plugin up to and including 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing a malicious user to trick a logged-in admin into adding, modifying or deleting banners from the plugin by submitting a form.
Useful Banner Manager Project Useful Banner Manager
3.5
CVSSv2
CVE-2020-2244
Jenkins Build Failure Analyzer Plugin 1.27.0 and previous versions do not escape matching text in a form validation response, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to provide console output for builds used to test build log indica...
Jenkins Build Failure Analyzer
3.5
CVSSv2
CVE-2021-24526
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin prior to 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scr...
10web Form Maker
7.5
CVSSv2
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome prior to 11.0.696.65 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via...
Google Chrome
4.7
CVSSv2
CVE-2009-4197
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate malicious users to obtain the password from web bro...
Huawei Mt882 Modem Firmware 3.7.9.98
Huawei Mt882 Modem V100r002b020 Arg-t
1 EDB exploit
4.3
CVSSv2
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
6.5
CVSSv2
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and previous versions let users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins maste...
Jenkins Play Framework
7.5
CVSSv2
CVE-2006-0916
Bugzilla 2.19.3 up to and including 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another dom...
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.19.3
NA
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
4.3
CVSSv2
CVE-2015-6732
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote malicious users to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form,...
Semanticforms Project Semanticforms -