wpexploit / Wpvulndb / WPEX-ID:298FBE34-62C2-4E56-9BDB-90DA570C5BBE
History: Jun 21, 2023 - 12:00 a.m.

Gravity Forms < 2.7.5 - Reflected XSS

2023-06-21 00:00:00
wpvulndb
gravity forms
version 2.7.5
reflected xss

EPSS: 0.001
Percentile: 35.8%

The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.

Make a logged-in admin open the following URL:

https://example.com/wp-admin/admin.php?page=gf_edit_forms&s=vulnerable&"><script>alert(/XSS/)</script>=2
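
A defender-side check for this request pattern, added here as an example (it is not part of the advisory or of Gravity Forms). It scans web server access logs for requests to the gf_edit_forms admin page whose query parameter names or values decode to characters that can break out of an HTML attribute. The combined log format, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Characters that can close a quoted HTML attribute or open a new tag.
ATTR_BREAKERS = set('"\'<>')

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(request_target):
    """Return (kind, text) pairs for query parameter names or values that
    contain attribute-breaking characters on the gf_edit_forms admin page."""
    parts = urlsplit(request_target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    # parse_qsl percent-decodes both names and values.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    if ("page", "gf_edit_forms") not in pairs:
        return []
    hits = []
    for name, value in pairs:
        for kind, text in (("name", name), ("value", value)):
            if ATTR_BREAKERS & set(text):
                hits.append((kind, text))
    return hits


def scan(lines):
    """Yield (line_number, hits) for each log line that needs review."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m:
            hits = suspicious_params(m.group(1))
            if hits:
                yield n, hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Jun/2023:10:00:00 +0000] "GET /wp-admin/admin.php?page=gf_edit_forms&s=contact HTTP/1.1" 200 5120',
    '203.0.113.5 - - [21/Jun/2023:10:00:05 +0000] "GET /wp-admin/admin.php?page=gf_edit_forms&s=vulnerable&%22%3E%3Cscript%3Ealert(/XSS/)%3C/script%3E=2 HTTP/1.1" 200 5188',
    '203.0.113.9 - - [21/Jun/2023:10:01:00 +0000] "GET /wp-admin/admin.php?page=other&x=%22%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, hits)
```

Checking parameter names as well as values matters here, because the URL above carries the markup in a parameter name. Hits are triage leads: a legitimate search term containing an apostrophe would also be flagged.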
