Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
forms project forms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24536
Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can under...
Golang Go
NA
CVE-2023-24532
The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.
Golang Go
2 Github repositories
NA
CVE-2023-24534
HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more m...
Golang Go
NA
CVE-2023-24537
Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.
Golang Go
6.8
CVSSv2
CVE-2010-1668
Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara prior to 1.0.15, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 allow remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Mahara Mahara 1.0.8
Mahara Mahara 1.0.7
Mahara Mahara 0.9.2
Mahara Mahara 1.0.10
Mahara Mahara 1.0.9
Mahara Mahara 1.0.2
Mahara Mahara 1.0.1
Mahara Mahara 1.0.0
Mahara Mahara 0.9.1
Mahara Mahara 1.0.12
Mahara Mahara 1.0.11
Mahara Mahara 1.0.4
Mahara Mahara 1.0.3
Mahara Mahara
Mahara Mahara 1.0.13
Mahara Mahara 1.0.6
Mahara Mahara 1.0.5
Mahara Mahara 0.9.0
Mahara Mahara 1.1.2
Mahara Mahara 1.1.3
Mahara Mahara 1.1.0
Mahara Mahara 1.1.4
4.3
CVSSv2
CVE-2010-2479
Cross-site scripting (XSS) vulnerability in HTML Purifier prior to 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Htmlpurifier Htmlpurifier
Htmlpurifier Htmlpurifier 3.1.0
Htmlpurifier Htmlpurifier 2.1.3
Htmlpurifier Htmlpurifier 2.1.0
Htmlpurifier Htmlpurifier 1.4.1
Htmlpurifier Htmlpurifier 1.4.0
Htmlpurifier Htmlpurifier 1.3.2
Htmlpurifier Htmlpurifier 3.3.0
Htmlpurifier Htmlpurifier 3.2.0
Htmlpurifier Htmlpurifier 3.0.0
Htmlpurifier Htmlpurifier 2.1.5
Htmlpurifier Htmlpurifier 2.1.2
Htmlpurifier Htmlpurifier 2.1.1
Htmlpurifier Htmlpurifier 2.0.0
Htmlpurifier Htmlpurifier 1.6.1
Htmlpurifier Htmlpurifier 1.1.1
Htmlpurifier Htmlpurifier 1.1.0
Htmlpurifier Htmlpurifier 1.0.1
Htmlpurifier Htmlpurifier 1.0.0
Htmlpurifier Htmlpurifier 4.0.0
Htmlpurifier Htmlpurifier 3.1.1
Htmlpurifier Htmlpurifier 2.1.4
4.3
CVSSv2
CVE-2010-1667
Multiple cross-site scripting (XSS) vulnerabilities in Mahara prior to 1.0.15, 1.1.x prior to 1.1.9, and 1.2.x prior to 1.2.5 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Mahara Mahara 0.9.1
Mahara Mahara 0.9.0
Mahara Mahara 1.0.5
Mahara Mahara 1.0.6
Mahara Mahara
Mahara Mahara 1.0.1
Mahara Mahara 1.0.2
Mahara Mahara 1.0.10
Mahara Mahara 1.0.11
Mahara Mahara 0.9.2
Mahara Mahara 1.0.0
Mahara Mahara 1.0.7
Mahara Mahara 1.0.8
Mahara Mahara 1.0.3
Mahara Mahara 1.0.4
Mahara Mahara 1.0.12
Mahara Mahara 1.0.13
Mahara Mahara 1.1.0
Mahara Mahara 1.1.6
Mahara Mahara 1.1.5
Mahara Mahara 1.1.7
Mahara Mahara 1.1.2
NA
CVE-2023-24538
Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the act...
Golang Go
2 Github repositories
7.5
CVSSv2
CVE-2010-1615
Multiple SQL injection vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation ...
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.9.3
Moodle Moodle 1.8.4
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.9.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
4.3
CVSSv2
CVE-2010-1614
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspe...
Moodle Moodle 1.8.8
Moodle Moodle 1.8.2
Moodle Moodle 1.8.1
Moodle Moodle 1.8.7
Moodle Moodle 1.8.9
Moodle Moodle 1.8.3
Moodle Moodle 1.8.10
Moodle Moodle 1.9.6
Moodle Moodle 1.9.7
Moodle Moodle 1.8.6
Moodle Moodle 1.8.5
Moodle Moodle 1.8.11
Moodle Moodle 1.9.4
Moodle Moodle 1.8.4
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.2
Moodle Moodle 1.9.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »