Lucene search

PatchstackCVE-2024-43220

HistoryAug 12, 2024 - 10:15 p.m.

CVE-2024-43220

2024-08-1222:15:11

CWE-79

Patchstack

web.nvd.nist.gov

cve-2024-43220

web page generation

xss

cross-site scripting

form maker by 10web

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS

Percentile

9.5%

JSON

Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.

Affected configurations

Vulners

Node

10web_form_builder_teamform_maker_by_10webRange≤1.15.26

VendorProductVersionCPE
10web_form_builder_teamform_maker_by_10web*cpe:2.3:a:10web_form_builder_team:form_maker_by_10web:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
10web_form_builder_team	form_maker_by_10web	*	cpe:2.3:a:10web_form_builder_team:form_maker_by_10web::::::::

CNA Affected

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "form-maker",
    "product": "Form Maker by 10Web",
    "vendor": "10Web Form Builder Team",
    "versions": [
      {
        "lessThanOrEqual": "1.15.26",
        "status": "affected",
        "version": "n/a",
        "versionType": "custom"
      }
    ]
  }
]

References

patchstack.com/database/vulnerability/form-maker/wordpress-form-maker-by-10web-plugin-1-15-26-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve