Lucene search
Veracode Vulnerability DatabaseVERACODE:38451HistoryDec 13, 2022 - 6:05 a.m.
Cross-Site Scripting (XSS)
2022-12-1306:05:09
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
cross-site scripting
vulnerable software
form data injection
EPSS
0.001
Percentile
36.9%
yikesinc/yikes-inc-easy-mailchimp-extender is vulnerable to cross-site scripting. The vulnerability exists because of unsanitized form data used in the add_field_to_form.php, allowing an attacker to inject and execute malicious JavaScript.
References
github.com/advisories/GHSA-837v-6vgx-jqcc
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/commit/3662c6593aa1bb4286781214891d26de2e947695
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/pull/889
github.com/EvanHerman/yikes-inc-easy-mailchimp-extender/releases/tag/6.8.6
vuldb.com/?id.215307
Related
cvelist
cvelist
nvd
nvd
CVE-2021-4244
2022-12-12 14:15:10
prion
prion
Cross site scripting
2022-12-12 14:15:00
osv
osv
CVE-2021-4244
2022-12-12 14:15:10
yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability
2022-12-12 15:30:31
github
github
yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability
2022-12-12 15:30:31
cve
cve
CVE-2021-4244
2022-12-12 14:15:10