MailForm
by MailForm
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-5553 | Cri | 0.64 | 9.8 | 0.02 | Mar 25, 2020 | mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | ||
| CVE-2022-21805 | Med | 0.40 | 6.1 | 0.01 | Feb 8, 2022 | Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | ||
| CVE-2021-20723 | Med | 0.40 | 6.1 | 0.01 | May 24, 2021 | Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified… | ||
| CVE-2020-5552 | Med | 0.40 | 6.1 | 0.01 | Mar 25, 2020 | Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2010-4939 | 0.03 | — | 0.02 | Oct 9, 2011 | PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter. | |||
| CVE-2000-0877 | 0.00 | — | 0.02 | Nov 14, 2000 | mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. |
- risk 0.64cvss 9.8epss 0.02
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
- risk 0.40cvss 6.1epss 0.01
Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
- risk 0.40cvss 6.1epss 0.01
Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified…
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-4939Oct 9, 2011risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
- CVE-2000-0877Nov 14, 2000risk 0.00cvss —epss 0.02
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.