Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown

CVE-2025-25145

Disclosure Date: February 07, 2025 (last updated February 07, 2025)
Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.
0
0
Attacker Value
Unknown

CVE-2024-38773

Disclosure Date: July 22, 2024 (last updated July 30, 2024)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection.This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-4536

Disclosure Date: December 27, 2019 (last updated November 27, 2024)
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2017-6216

Disclosure Date: July 03, 2019 (last updated November 27, 2024)
novaksolutions/infusionsoft-php-sdk v2016-10-31 is vulnerable to a reflected XSS in the leadscoring.php resulting code execution
0
0
Attacker Value
Unknown

CVE-2016-1000139

Disclosure Date: October 10, 2016 (last updated November 25, 2024)
Reflected XSS in wordpress plugin infusionsoft v1.5.11
0
0
Attacker Value
Unknown

CVE-2014-6446

Disclosure Date: September 26, 2014 (last updated October 05, 2023)
The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPress does not properly restrict access, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code via a request to utilities/code_generator.php.
0
0