Lucene search
WpvulndbWPEX-ID:323D5FD0-ABE8-44EF-9127-EEA6FD4F3F3DHistoryJun 10, 2022 - 12:00 a.m.
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
2022-06-1000:00:00
wpvulndb
86
ninja forms
admin+
stored cross-site scripting
import
json file
xss payload
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
- Make a test form and then export it to your system.
- Edit the file and enter an XSS payload like "<img src=x onerror=alert('XSS')" inside the title object in the JSON file.
- Go back to the import/export tab and notice that the payload was executedRelated
cvelist
cvelist
nvd
nvd
CVE-2021-25066
2022-07-04 13:15:08
patchstack
patchstack
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin跨站脚本漏洞(CNVD-2022-58230)
2022-07-06 00:00:00
wpvulndb
wpvulndb
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
2022-06-10 00:00:00
prion
prion
Cross site scripting
2022-07-04 13:15:00
cve
cve
CVE-2021-25066
2022-07-04 13:15:08
openvas
openvas
WordPress Ninja Forms Contact Form Plugin < 3.6.10 Multiple Vulnerabilities
2022-07-05 00:00:00