Lucene search
PRIOn knowledge basePRION:CVE-2021-24381HistoryOct 25, 2021 - 2:15 p.m.
Cross site scripting
2021-10-2514:15:00
PRIOn knowledge base
www.prio-n.com
7
0.001 Low
EPSS
Percentile
24.9%
The Ninja Forms Contact Form WordPress plugin before 3.5.8.2 does not sanitise and escape the custom class name of the form field created, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| contact_form | lt | 3.5.8.2 |
Related
wpvulndb
wpvulndb
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin cross-site scripting vulnerability
2021-10-28 00:00:00
nvd
nvd
CVE-2021-24381
2021-10-25 14:15:09
openvas
openvas
WordPress Ninja Forms Plugin < 3.5.8.2 XSS Vulnerability
2021-11-03 00:00:00
cvelist
cvelist
CVE-2021-24381 NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-10-25 13:20:32
cve
cve
CVE-2021-24381
2021-10-25 14:15:09
wpexploit
wpexploit
NinjaForms < 3.5.8.2 - Admin+ Stored Cross-Site Scripting
2021-09-27 00:00:00