4 matches found
CVE-2023-2701
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701 Gravity Forms < 2.7.5 - Reflected XSS
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin...
CVE-2023-2701
CVE-2023-2701 affects Gravity Forms for WordPress prior to 2.7.5. The issue is that the plugin does not escape generated URLs before outputting them in HTML attributes, causing a Reflected XSS that could target admin/high-privilege users. Remediation: upgrade to Gravity Forms 2.7.5 or later (or a...
WordPress Gravity Forms Plugin < 2.7.5 is vulnerable to Cross Site Scripting (XSS)
Software: Gravity Forms; Type: Plugin; Vulnerable versions: < 2.7.5; Fixed in: 2.7.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2701; Patch priority: High; CVSS severity: High (7.1); PSID: 17cbc85493b8; Credits: Fioravante Souza WPScan...