Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2021-24705
The NEX-Forms WordPress plugin prior to 8.4.3 does not have CSRF checks in place when editing a form, and does not escape some of its settings as well as form fields before outputting them in attributes. This could allow malicious users to make a logged in admin edit arbitrary fo...
Basixonline Nex-forms
NA
CVE-2023-0546
The Contact Form Plugin WordPress plugin prior to 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as low as contributor to inject arbitrary javascript into a form which will tri...
Fluentforms Contact Form
NA
CVE-2023-0085
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. This is due to insufficient server side checking on the captcha value submitted during a form submission. This makes it possible for unauthen...
Wpmet Metform Elementor Contact Form Builder
7.5
CVSSv2
CVE-2001-1326
Eudora 5.1 allows remote malicious users to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker...
Qualcomm Eudora 5.1
1 EDB exploit
5
CVSSv2
CVE-2016-9838
An issue exists in components/com_users/models/registration.php in Joomla! prior to 3.6.5. Incorrect filtering of registration form data stored to the session on a validation error enables a user to gain access to a registered user's account and reset the user's group m...
Joomla Joomla\\!
1 EDB exploit
1 Github repository
NA
CVE-2023-38694
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.7.0, and 12.1.0, a user with access to a specific part of the backoffice is able to inject HTML code into a form where it is not intended. Versions 8.18.10, 10.7.0, ...
Umbraco Umbraco Cms
7.5
CVSSv2
CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote malicious users to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due t...
Natterchat Natterchat 1.12
Natterchat Natterchat 1.1
2 EDB exploits
9.3
CVSSv2
CVE-2010-1399
WebKit in Apple Safari prior to 5.0 on Mac OS X 10.5 up to and including 10.6 and Windows, and prior to 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote malicious users to execute arbitrary code or cause a ...
Apple Safari 4.0.1
Apple Safari 4.0.0b
Apple Safari 4.0.3
Apple Safari 4.0.2
Apple Webkit
Apple Safari
Apple Safari 4.0
Apple Safari 4.0.4
5
CVSSv2
CVE-2022-24983
Forms generated by JQueryForm.com prior to 2022-02-05 allow remote malicious users to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This ...
Jqueryform Jqueryform
3.5
CVSSv2
CVE-2021-24168
The Easy Contact Form Pro WordPress plugin prior to 1.1.1.9 did not properly sanitise the text fields (such as Email Subject, Email Recipient, etc) when creating or editing a form, leading to an authenticated (author+) stored cross-site scripting issue. This could allow medium pr...
Easy Contact Form Pro Project Easy Contact Form Pro
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »