Security Advisories

Vulnerabilities identified by Horizon during security assessments and research activities

Unrestricted File Upload vulnerability via security bypass in Tassos Marinos' Convert Forms extension - CVE-2024-40744

Horizon Security has identified an Unrestricted File Upload vulnerability involving the Convert Forms extension by Tassos Marinos, mainly used by web applications developed with well-known frameworks such as Joomla. This insecure behavior makes it possible to upload any type of file to the web server, which could allow the distribution of malicious files to the form’s recipients or, depending on the server’s configuration, the potential execution of malicious code on the server hosting the web application.

Thursday, 5 December 2024 | Author: Horizon Security Staff

Reflected Cross-Site Scripting (XSS) in Tassos Marinos' Convert Forms extension - CVE-2024-40745

Horizon Security identified a reflected Cross-Site Scripting (XSS) vulnerability affecting Tassos Marinos' Convert Forms extension, primarily used by web applications developed with well-known frameworks such as Joomla. This vulnerability allows unauthenticated attackers to create specially crafted malicious web pages aimed at forcing the victim's web browser to upload a file, containing malicious code in its name, to the web server via the vulnerable file upload functionality of the Convert Forms extension.

Wednesday, 4 December 2024 | Author: Horizon Security Staff