Skip to main content

Forms

4 CVEs product

Monthly

CVE-2021-37334 CRITICAL PATCH Act Now

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Forms
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2021-24505 MEDIUM POC This Month

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-23388 npm MEDIUM PATCH This Month

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Forms
NVD GitHub
CVSS 3.1
5.3
EPSS
1.7%
CVE-2019-2886 MEDIUM PATCH This Month

Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Forms
NVD
CVSS 3.1
6.1
EPSS
1.0%
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

Umbraco Forms version 4.0.0 up to and including 8.7.5 and below are vulnerable to a security flaw that could lead to a remote code execution attack and/or arbitrary file deletion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Forms
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forms
NVD WPScan
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

The package forms before 1.2.1, from 1.3.0 and before 1.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via email validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Forms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Forms product of Oracle Fusion Middleware (component: Services). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Forms
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy