Lucene search

PRIOn knowledge basePRION:CVE-2022-23179

HistoryJan 16, 2024 - 4:15 p.m.

Cross site scripting

2024-01-1616:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

contact form

lead form

elementor builder

wordpress

plugin

vulnerability

nvd

unfiltered_html

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

14.2%

JSON

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

CPENameOperatorVersion
contact_form_\\&_lead_form_elementor_builderlt1.7.0

CPE	Name	Operator	Version
	contact_form_\\&_lead_form_elementor_builder	lt	1.7.0

References

wpscan.com/vulnerability/90b8af99-e4a1-4076-99fa-efe805dd4be4/