Lucene search
Krzysztof ZającWPEX-ID:C12F6087-1875-4EDF-AC32-BEC6F712968DHistoryMar 28, 2022 - 12:00 a.m.
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-03-2800:00:00
Krzysztof Zając
95
caldera forms
security
cross-site scripting
EPSS
0.001
Percentile
40.2%
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting
The issue is only exploitable when there are no forms created yet
https://example.com/?cf-api=%22%20style=position:fixed;left:0;top:0;right:0;bottom:0;%20onmouseover=alert(1)%20xRelated
cve
cve
CVE-2022-0879
2022-04-18 18:15:08
patchstack
patchstack
prion
prion
Cross site scripting
2022-04-18 18:15:00
cnvd
cnvd
WordPress plugin Caldera Forms cross-site scripting vulnerability
2022-04-19 00:00:00
wpvulndb
wpvulndb
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-03-28 00:00:00
nvd
nvd
CVE-2022-0879
2022-04-18 18:15:08
cvelist
cvelist
CVE-2022-0879 Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-04-18 17:10:39