Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting. Create new Form, add malicious payload in Title field to trigger XSS in admin dashboard
Reporter | Title | Published | Views | Family All 5 |
---|---|---|---|---|
![]() | CVE-2021-24513 Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting | 6 Sep 202111:09 | – | cvelist |
![]() | CVE-2021-24513 | 6 Sep 202111:15 | – | nvd |
![]() | CVE-2021-24513 | 6 Sep 202111:15 | – | cve |
![]() | Cross site scripting | 6 Sep 202111:15 | – | prion |
![]() | Form Builder < 1.9.8.4 - Authenticated Stored Cross-Site Scripting | 9 Aug 202100:00 | – | wpvulndb |
Create a new Form via the plugin, go to Form Settings then add the following payload in the Title field: "><img src onerror=alert(1)> and save the form
The XSS will be triggered when viewing/editing the form in the admin dashboard
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo