Every CVE whose affected-product data names Matt Wright Formmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2001-0357 — CVSS 7.5 (high): FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message…
CVE-2002-2109 — CVSS 7.5 (high): Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a…
CVE-2002-1771 — CVSS 5.0 (medium): Matt Wright FormMail 1.9 and earlier allows remote attackers to send spam or anonymous e-mail by injecting a newline character followed by…
CVE-2009-1777 — CVSS 5.0 (medium): CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allows remote attackers to inject arbitrary…
CVE-1999-0173 — CVSS 5.0 (medium): FormMail CGI program can be used by web servers other than the host server that the program resides on.
CVE-2000-0411 — CVSS 5.0 (medium): Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
CVE-2009-1776 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote…