exploitDog

CVE-2022-40191

Опубликовано: 09 сент. 2022

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

Ссылки

https://patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/mega-forms/#developers
Product
Release Notes
https://patchstack.com/database/vulnerability/mega-forms/wordpress-contact-form-by-mega-forms-plugin-1-2-4-authenticated-stored-cross-site-scripting-xss-vulnerability/_s_id=cve
Third Party Advisory
https://wordpress.org/plugins/mega-forms/#developers
Product
Release Notes

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:contact_form_by_mega_forms_project:contact_form_by_mega_forms:*:*:*:*:*:wordpress:*:*

Версия до 1.2.4 (включая)

EPSS

Процентиль: 49%

0.0026

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-qhq9-93x7-7x6h

CVSS3: 5.4

github

больше 3 лет назад

Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad's Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.

EPSS

Процентиль: 49%

0.0026

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79