Lucene search
Akash Rajendra PatilWPEX-ID:A1AE4512-0B5B-4F36-8334-14633BF24758HistoryApr 07, 2022 - 12:00 a.m.
Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
2022-04-0700:00:00
Akash Rajendra Patil
76
visual form builder
admin+
stored xss
e-mail field
payload
exploit
EPSS
0.001
Percentile
24.8%
The plugin does not sanitise and escape the form’s ‘Email to’ field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
Create/edit a form and put the following payload in the 'E-mail To' field: "><img src onerror=alert(/XSS/)>
The XSS will be triggered when editing the formRelated
cve
cve
CVE-2022-1046
2022-05-02 16:15:08
prion
prion
Cross site scripting
2022-05-02 16:15:00
nvd
nvd
CVE-2022-1046
2022-05-02 16:15:08
cnvd
cnvd
WordPress Visual Form Builder plugin cross-site scripting vulnerability
2022-05-07 00:00:00
wpvulndb
wpvulndb
Visual Form Builder < 3.0.7 - Admin+ Stored Cross-Site Scripting
2022-04-07 00:00:00
cvelist
cvelist
patchstack
patchstack