VYPR

MailForm

by MailForm

CVEs (6)

  • CVE-2020-5553CriMar 25, 2020
    risk 0.64cvss 9.8epss 0.02

    mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.

  • CVE-2022-21805MedFeb 8, 2022
    risk 0.40cvss 6.1epss 0.01

    Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.

  • CVE-2021-20723MedMay 24, 2021
    risk 0.40cvss 6.1epss 0.01

    Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018 July 27) allows a remote attacker to inject an arbitrary script via unspecified…

  • CVE-2020-5552MedMar 25, 2020
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2010-4939Oct 9, 2011
    risk 0.03cvss epss 0.02

    PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.

  • CVE-2000-0877Nov 14, 2000
    risk 0.00cvss epss 0.02

    mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.