Vulmon
a-form vulnerabilities and exploits
2.6
CVSSv2
CVE-2004-0478
Unknown versions of Mozilla allow remote malicious users to cause a denial of service (high CPU/RAM consumption) using Javascript with an infinite loop that continues to add input to a form, possibly as the result of inserting control characters, as demonstrated using an embedded...
Mozilla Mozilla
5
CVSSv2
CVE-2016-3165
The Form API in Drupal 6.x prior to 6.38 ignores access restrictions on submit buttons, which might allow remote malicious users to bypass intended access restrictions by leveraging permission to submit a form with a button that has "#access" set to FALSE in the server-...
Drupal Drupal 6.37
Drupal Drupal 6.9
Drupal Drupal 6.29
Drupal Drupal 6.28
Drupal Drupal 6.27
Drupal Drupal 6.26
Drupal Drupal 6.14
Drupal Drupal 6.13
Drupal Drupal 6.12
Drupal Drupal 6.11
Drupal Drupal 6.4
Drupal Drupal 6.7
Drupal Drupal 6.5
Drupal Drupal 6.33
Drupal Drupal 6.31
Drupal Drupal 6.3
Drupal Drupal 6.25
Drupal Drupal 6.23
Drupal Drupal 6.17
Drupal Drupal 6.15
Drupal Drupal 6.10
Drupal Drupal 6.0
4.3
CVSSv2
CVE-2016-8738
In Apache Struts 2.5 up to and including 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.1
Apache Struts 2.5.2
4.3
CVSSv2
CVE-2015-6732
Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote malicious users to inject arbitrary web script or HTML via the (1) wpSummary parameter to Special:FormEdit, the (2) "Template label (optional)" field in a form,...
Semanticforms Project Semanticforms -
6.8
CVSSv2
CVE-2018-15682
An issue exists in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated user to a web page that automatically submits a form on their behalf.
Btiteam Xbtit
4.3
CVSSv2
CVE-2008-6831
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote malicious users to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrat...
Atlassian Jira 3.13
3.5
CVSSv2
CVE-2022-0376
The User Meta WordPress plugin prior to 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unf...
User-meta User Meta User Profile Builder And User Management
NA
CVE-2023-28896
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on...
Preh Mib3 Firmware
4
CVSSv2
CVE-2020-28923
An issue exists in Play Framework 2.8.0 up to and including 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version before 2.8.0 that used the Play Java API to serialize classes with protected or pri...
Lightbend Play Framework
5
CVSSv2
CVE-2006-6422
Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote malicious users to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php. NOTE: The provenance of this inf...
Agileco Agilebill 1.4.93
Agileco Agilevoice 1.4
Agileco Agilebill 1.4
Agileco Agilebill 1.4.92