CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2009-1776 – formmail 1.92 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-1776
22 May 2009 — Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en FormMail.pl in Matt Wright FormMail v1.92 y posiblemente anteriores, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a tra... • https://www.exploit-db.com/exploits/8950 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 10EXPL: 0CVE-2002-1771
https://notcve.org/view.php?id=CVE-2002-1771
31 Dec 2002 — Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by CC:, BCC:, or additional TO: fields in the email and realname CGI variables. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2002-2109
https://notcve.org/view.php?id=CVE-2002-2109
31 Dec 2002 — Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/URL after the beginning of the referer, or (3) a spoofed referer with a trusted domain/URL in the beginning (hostname) portion of the referer. • http://archives.neohapsis.com/archives/bugtraq/2002-01/0307.html •