5 matches found
CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2187
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2187 Contact Form 7 Captcha < 0.1.2 - Reflected Cross-Site Scripting
The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $SERVER'REQUESTURI' parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers...
CVE-2022-2187
The CVE-2022-2187 issue affects the WordPress Contact Form 7 Captcha plugin (versions before 0.1.2). Root cause: the plugin does not escape the $_SERVER['REQUEST_URI'] value before outputting it in an attribute, allowing reflected XSS in some browsers. Impact: reflected XSS could enable script in...