2 matches found
CVE-2023-3134 Forminator < 1.24.4 - Reflected XSS
The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks...
Forminator < 1.24.4 - Reflected XSS
The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. PoC 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a...