Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-form vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2019-11033
Applaud HCM 4.0.42+ uses HTML tag fields for HTML inputs in a form. This leads to an XSS vulnerability with a payload starting with the <iframe./> substring.
Applaudsolutions Applaud Hcm 4.0.42\\+
NA
CVE-2000-1187
Buffer overflow in the HTML parser for Netscape 4.75 and previous versions allows remote malicious users to execute arbitrary commands via a long password value in a form field.
Netscape Communicator
Netscape Navigator
6.1
CVSSv3
CVE-2021-21666
Jenkins Kiuwan Plugin 1.6.0 and previous versions does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Jenkins Kiuwan
6.1
CVSSv3
CVE-2020-2169
A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and previous versions does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability.
Jenkins Queue Cleanup
7.5
CVSSv3
CVE-2020-25766
An issue exists in MISP prior to 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.
Misp Misp
NA
CVE-2012-0801
lib/formslib.php in Moodle 2.1.x prior to 2.1.4 and 2.2.x prior to 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
6.1
CVSSv3
CVE-2023-41944
Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and previous versions does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection vulnerability.
Jenkins Aws Codecommit Trigger
5.9
CVSSv3
CVE-2017-7672
If an application allows enter an URL in a form field and built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL. Solution is to upgrade to Apache Struts version 2.5.12.
Apache Struts 2.5.2
Apache Struts 2.5.10
Apache Struts 2.5.1
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.10.1
Apache Struts 2.5.8
1 Github repository
1 Article
5.4
CVSSv3
CVE-2018-11549
An issue exists in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a form[qq_10]= substring.
Wuzhicms Wuzhi Cms 4.1.0
8.8
CVSSv3
CVE-2019-1003007
A cross-site request forgery vulnerability exists in Jenkins Warnings Plugin 5.0.0 and previous versions in src/main/java/hudson/plugins/warnings/GroovyParser.java that allows malicious users to execute arbitrary code via a form validation HTTP endpoint.
Jenkins Warnings
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »