Vulmon
a-form vulnerabilities and exploits
605
VMScore
CVE-2020-12257
rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user).
Rconfig Rconfig 3.9.4
668
VMScore
CVE-2021-38145
An issue exists in Form Tools up to and including 3.0.20. SQL Injection can occur via the export_group_id field when a low-privileged user (client) tries to export a form with data, e.g., manipulation of modules/export_manager/export.php?export_group_id=1&export_group_1_resul...
Formtools Core
668
VMScore
CVE-2006-0916
Bugzilla 2.19.3 up to and including 2.20 does not properly handle "//" sequences in URLs when redirecting a user from the login form, which could cause it to generate a partial URL in a form action that causes the user's browser to send the form data to another dom...
Mozilla Bugzilla 2.21.1
Mozilla Bugzilla 2.21.2
Mozilla Bugzilla 2.20
Mozilla Bugzilla 2.21
Mozilla Bugzilla 2.19.3
578
VMScore
CVE-2020-2200
Jenkins Play Framework Plugin 1.0.2 and previous versions lets users specify the path to the `play` command on the Jenkins master for a form validation endpoint, resulting in an OS command injection vulnerability exploitable by users able to store such a file on the Jenkins maste...
Jenkins Play Framework
383
VMScore
CVE-2016-5303
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition prior to 5.2.16 allows remote malicious users to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink a...
Horde Groupware 5.2.15
312
VMScore
CVE-2021-24526
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder WordPress plugin prior to 1.13.60 does not escape its Form Title before outputting it in an attribute when editing a form in the admin dashboard, leading to an authenticated Stored Cross-Site Scr...
10web Form Maker
668
VMScore
CVE-2011-1795
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome prior to 11.0.696.65 allows remote malicious users to cause a denial of service (application crash) or possibly have unspecified other impact via...
Google Chrome
NA
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
475
VMScore
CVE-2009-4197
rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware 3.7.9.98 contains a form that does not disable the autocomplete setting for the password parameter, which makes it easier for local users or physically proximate malicious users to obtain the password from web bro...
Huawei Mt882 Modem Firmware 3.7.9.98
Huawei Mt882 Modem V100r002b020 Arg-t
1 EDB exploit
383
VMScore
CVE-2016-8738
In Apache Struts 2.5 up to and including 2.5.5, if an application allows entering a URL in a form field and the built-in URLValidator is used, it is possible to prepare a special URL which will be used to overload server process when performing validation of the URL.
Apache Struts 2.5
Apache Struts 2.5.5
Apache Struts 2.5.3
Apache Struts 2.5.4
Apache Struts 2.5.1
Apache Struts 2.5.2