Lucene search

[email protected]NVD:CVE-2024-32147

HistoryApr 15, 2024 - 7:15 a.m.

CVE-2024-32147

2024-04-1507:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2024-32147

cross-site scripting

stored xss

form plugin team

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Form Plugin Team - GhozyLab Easy Contact Form Lite allows Stored XSS.This issue affects Easy Contact Form Lite : from n/a through 1.1.23.

References

patchstack.com/database/vulnerability/contact-form-lite/wordpress-contact-form-plugin-plugin-1-1-23-cross-site-scripting-xss-vulnerability?_s_id=cve