Lucene search
HistorySep 02, 2024 - 8:15 a.m.
CVE-2024-7354
ninja forms
wordpress
plugin
xss
vulnerability
url escaping
attribute
reflected cross-site scripting
high privilege users
admin
cve-2024-7354
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
9.6%
The Ninja Forms WordPress plugin before 3.8.11 does not escape an URL before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Related
cve
cve
CVE-2024-7354
2024-09-02 08:15:06
cvelist
cvelist
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
2024-09-02 06:00:01
vulnrichment
vulnrichment
CVE-2024-7354 Ninja Forms 3.8.6-3.8.10 - Reflected XSS
2024-09-02 06:00:01
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0
Percentile
9.6%
Related for NVD:CVE-2024-7354