2 matches found
CVE-2022-2116 Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting...
CVE-2022-2116
CVE-2022-2116 affects the WordPress plugin Elementor Contact Form DB prior to version 1.8.0. The root cause is insufficient sanitisation/escaping of certain parameters when echoed back in HTML attributes, leading to a Reflected Cross-Site Scripting vulnerability. The exposed impact is a client-si...