12 matches found
CVE-2022-4679
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4679
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4679
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
Cross site scripting
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4679 Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4679 Wufoo Shortcode < 1.52 - Contributor+ Stored XSS via Shortcode
The Wufoo Shortcode WordPress plugin before 1.52 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4679
CVE-2022-4679 affects the Wufoo Shortcode WordPress plugin (pre-1.52). The vulnerability arises from not validating/escaping certain shortcode attributes before echoing them in pages/posts, enabling Stored Cross-Site Scripting via the shortcode when a user with Contributor+ privileges embeds it. ...
WordPress plugin Wufoo Shortcode 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
WordPress Wufoo Shortcode Plugin < 1.52 is vulnerable to Cross Site Scripting (XSS)
Software Wufoo Shortcode Type Plugin Vulnerable versions 1.52 Fixed in 1.52 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4679 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID bb3df9d73484 Credits István Márton Required...
leadershiptransformations.wufoo.com XSS vulnerability
Open Bug Bounty ID: OBB-658371 Description| Value ---|--- Affected Website:| leadershiptransformations.wufoo.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:|...
infospace.wufoo.com XSS vulnerability
Vulnerable URL: https://infospace.wufoo.com/validation/redirect.php?redirect=https://www.openbugbounty.org/'"--!alert/OPENBUGBOUNTY/...
wufoo.com XSS vulnerability
Vulnerable URL: http://www.wufoo.com/examples/gravatar-party-list/getter.php?url=api/v3/forms/z7p0p1/entries.json%253Fsystem%253Dfalse'%22%26%25prompt/OPENBUGBOUNTY/...