
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

• https://www.exploit-db.com/exploits/8950
• http://secunia.com/advisories/35068
• http://www.securityfocus.com/archive/1/503446/100/0/threaded
• http://www.securityfocus.com/bid/34929
• http://www.ush.it/team/ush/hack-formmail_192/adv.txt
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables.

• http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html
• http://www.scriptarchive.com/readme/formmail.html#history
• http://www.securityfocus.com/bid/3955
• https://exchange.xforce.ibmcloud.com/vulnerabilities/8013

CVSS: 7.5 | EPSS: 0% | CPEs: 10 | EXPL: 1

Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer.

• http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html
• http://worldwidemart.com/scripts/formmail.shtml
• http://www.iss.net/security_center/static/8012.php
• http://www.securityfocus.com/bid/3954

CVSS: 7.5 | EPSS: 2% | CPEs: 1 | EXPL: 0

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

• http://marc.info/?l=bugtraq&m=98433523520344&w=2
• https://exchange.xforce.ibmcloud.com/vulnerabilities/6242

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 1

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

• https://www.exploit-db.com/exploits/19906
• http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
• http://www.perfectotech.com/blackwatchlabs/vul5_10.html
• http://www.securityfocus.com/bid/1187