Lucene search

K

Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting

🗓️ 09 Aug 2021 00:00:00Reported by Felipe Restrepo RodriguezType 
wpexploit
 wpexploit
👁 351 Views

Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting. Create new Form, add malicious payload in Title field to trigger XSS in admin dashboard

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2021-24513 Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting
6 Sep 202111:09
cvelist
NVD
CVE-2021-24513
6 Sep 202111:15
nvd
CVE
CVE-2021-24513
6 Sep 202111:15
cve
Prion
Cross site scripting
6 Sep 202111:15
prion
WPVulnDB
Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting
9 Aug 202100:00
wpvulndb
Create a new Form via the plugin, go to Form Settings then add the following payload in the Title field: "><img src onerror=alert(1)> and save the form

The XSS will be triggered when viewing/editing the form in the admin dashboard

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
09 Aug 2021 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.001
351
.json
Report