CVE-2021-41844
https://notcve.org/view.php?id=CVE-2021-41844
Crocoblock JetEngine before 2.9.1 does not properly validate and sanitize form data. Crocoblock JetEngine versiones anteriores a 2.9.1, no comprueba ni sanea correctamente los datos del formulario • https://crocoblock.com/changelog/?plugin=jet-engine • CWE-20: Improper Input Validation •
CVE-2021-38607
https://notcve.org/view.php?id=CVE-2021-38607
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. Crocoblock JetEngine versiones anteriores a 2.6.1, permite un ataque de tipo XSS por parte de usuarios autenticados remotos por medio de una entrada de formulario personalizada. • https://crocoblock.com/changelog/?plugin=jet-engine https://crocoblock.com/plugins/jetengine • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •