exploitDog

GHSA-h3jv-jqj2-3j68

Опубликовано: 02 сент. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Ссылки

EPSS

Процентиль: 78%

0.01175

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2024-7354

CVSS3: 6.1

nvd

больше 1 года назад

The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

EPSS

Процентиль: 78%

0.01175

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79