2 results (0.004 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Crocoblock JetEngine versiones anteriores a 2.9.1, no comprueba ni sanea correctamente los datos del formulario • https://crocoblock.com/changelog/?plugin=jet-engine • CWE-20: Improper Input Validation •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. Crocoblock JetEngine versiones anteriores a 2.6.1, permite un ataque de tipo XSS por parte de usuarios autenticados remotos por medio de una entrada de formulario personalizada. • https://crocoblock.com/changelog/?plugin=jet-engine https://crocoblock.com/plugins/jetengine • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •