Lucene search
+L

4 matches found

OpenVAS
OpenVAS
added 2023/08/15 12:0 a.m.14 views

WordPress Caldera Forms Plugin < 1.9.5 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:calderaforms:calderaforms"; ifdescription...

4.8CVSS5.3AI score0.00598EPSS
Exploits2References1
Circl
Circl
added 2021/12/13 2:24 p.m.5 views

CVE-2021-24896

creationtimestamp| type| source ---|---|--- 2021-12-13 14:24:12+00:00| seen| https://t.me/cibsecurity/33815...

4.8CVSS4.9AI score0.00598EPSS
Exploits2References1
Cvelist
Cvelist
added 2021/12/13 10:41 a.m.18 views

CVE-2021-24896 Caldera forms < 1.9.5 - Admin+ Stored Cross-Site Scripting

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

5AI score0.00598EPSS
Exploits2References1
CVE
CVE
added 2021/12/13 10:41 a.m.60 views

CVE-2021-24896

The CVE-2021-24896 entry concerns the WordPress Caldera Forms plugin prior to 1.9.5. The vulnerability arises because the plugin fails to sanitise and escape the Form Name before outputting it in HTML attributes, enabling Cross-Site Scripting (XSS) by high-privilege users even when unfiltered_htm...

4.8CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder