2 matches found
WordPress FormGet Contact Form Plugin <= 5.5.5 is vulnerable to Cross Site Scripting (XSS)
Software FormGet Contact Form Type Plugin Vulnerable versions = 5.5.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5125 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 6838d413b93d Credits Lana Codes Required...
FormGet Contact Form 5.3 - Stored XSS
The AJAX action ‘requestresponse’, defined in formget-contact-form/index.php line 278 is available to any logged in user. The parameter ‘value’ is accepted as valid, so long as the string ‘sideBar’ is found at a position other than 0 i.e. prefix the payload with a space. The ‘pageid’ parameter ca...