Описание
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would require access to the form's email notification settings. This has been fixed in Formie 2.1.44.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.44 (исключая)
cpe:2.3:a:verbb:formie:*:*:*:*:*:craft_cms:*:*
EPSS
Процентиль: 34%
0.00141
Низкий
4.6 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.6
github
10 месяцев назад
Formie has XSS vulnerability for email notification content for preview
EPSS
Процентиль: 34%
0.00141
Низкий
4.6 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-79