Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-24381
HistoryOct 25, 2021 - 2:15 p.m.

CVE-2021-24381

2021-10-2514:15:09
CWE-79
[email protected]
web.nvd.nist.gov
1
cve-2021-24381
cross-site scripting
wordpress plugin

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON

The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Affected configurations

Nvd
Node
ninjaformscontact_formRange<3.5.8.2wordpress
VendorProductVersionCPE
ninjaformscontact_form*cpe:2.3:a:ninjaforms:contact_form:*:*:*:*:*:wordpress:*:*

Related

prion 1
wpvulndb 1
cnvd 1
cvelist 1
openvas 1
cve 1
wpexploit 1
prion
prion
Cross site scripting
2021-10-25 14:15:00
wpvulndb
wpvulndb
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-28 00:00:00
cvelist
cvelist
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-25 13:20:32
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
cve
cve
CVE-2021-24381
2021-10-25 14:15:09
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

24.8%

JSON
Related for NVD:CVE-2021-24381
prion1wpvulndb1cnvd1cvelist1openvas1cve1wpexploit1