Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-38145
An issue exists in Form Tools up to and including 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_resul...
Formtools Core
4.3
CVSSv2
CVE-2013-4594
The Payment for Webform module 7.x-1.x prior to 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
Payment For Webform Project Payment For Webform 7.x-1.5
Payment For Webform Project Payment For Webform 7.x-1.2
Payment For Webform Project Payment For Webform 7.x-1.4
Payment For Webform Project Payment For Webform 7.x-1.0
Payment For Webform Project Payment For Webform 7.x-1.1
Payment For Webform Project Payment For Webform 7.x-1.3
6.8
CVSSv2
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
Rconfig Rconfig 3.9.4
6.5
CVSSv2
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and previous versions lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins maste...
Jenkins Play Framework
NA
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
4.3
CVSSv2
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
7.5
CVSSv2
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome prior to 11.0.696.65 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via...
Google Chrome
3.5
CVSSv2
CVE-2021-24526
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin prior to 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scr...
10web Form Maker
7.5
CVSSv2
CVE-2006-0916
Bugzilla 2.19.3 up to and including 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another dom...
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.19.3
4.7
CVSSv2
CVE-2009-4197
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate malicious users to obtain the password from web bro...
Huawei Mt882 Modem Firmware 3.7.9.98
Huawei Mt882 Modem V100r002b020 Arg-t
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »