wpvulndb WPVDB-ID:323D5FD0-ABE8-44EF-9127-EEA6FD4F3F3D
History: Jun 10, 2022 - 12:00 a.m.

Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import

2022-06-10 00:00:00
wpscan.com
ninja forms
cross-site scripting
admin+
import
xss
unfiltered_html
vulnerability
software

EPSS

0.001

Percentile

24.8%

The plugin does not sanitize and escape some imported data, allowing high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
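One way to close the gap described above, shown as an added example that is not Ninja Forms' own code or its actual fix: filter imported values at save time unless the importing user holds `unfiltered_html`, and escape again at output. The `example_*` function names and the `label` key are hypothetical; `current_user_can()`, `wp_kses_post()` and `esc_html()` are WordPress core functions.

```php
<?php
/**
 * Added example (hypothetical names, not plugin code).
 * Recursively sanitize data decoded from an uploaded import file
 * before it is stored.
 */
function example_sanitize_import( $value ) {
    if ( is_array( $value ) ) {
        $clean = array();
        foreach ( $value as $key => $item ) {
            $clean[ $key ] = example_sanitize_import( $item );
        }
        return $clean;
    }

    if ( ! is_string( $value ) ) {
        return $value; // ints, bools and null carry no markup
    }

    // Only users WordPress trusts with raw HTML may store it unfiltered.
    // On multisite, or with DISALLOW_UNFILTERED_HTML set, even an
    // administrator fails this check, which is the case the advisory covers.
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }

    // Strip script tags, event-handler attributes and other markup that is
    // outside the allowlist WordPress applies to post content.
    return wp_kses_post( $value );
}

/**
 * Escape on output as well, so a value stored before the import filter
 * existed cannot execute when the form settings are rendered.
 * Assumes the field array has a plain-text 'label' entry (hypothetical).
 */
function example_render_label( array $field ) {
    $label = isset( $field['label'] ) ? $field['label'] : '';
    printf( '<label>%s</label>', esc_html( $label ) );
}
```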

PoC

- Make a test form and then export it to your system.
- Edit the file and enter an XSS payload like "
