Описание
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.7.3 (исключая)
cpe:2.3:a:contact_form_submissions_project:contact_form_submissions:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 94%
0.14825
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
почти 4 года назад
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission
EPSS
Процентиль: 94%
0.14825
Средний
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79