Infusionsoft Gravity Forms Add-on <= 1.5.11 - Unauthenticated Reflected Cross-Site Scripting (XSS)

2016-04-1200:00:00

ethicalhack3r

wpscan.com

EPSS

0.001

Percentile

45.5%

JSON

The Infusionsoft Gravity Forms Add-on WordPress plugin was affected by an Unauthenticated Reflected Cross-Site Scripting (XSS) security vulnerability.

PoC

http://www.example.com/wp-content/plugins/infusionsoft/Infusionsoft/examples/leadscoring.php?ContactId=“><”

References

www.vapidlabs.com/wp/wp_advisory.php?v=864

www.openwall.com/lists/oss-security/2016/04/12/8

EPSS

0.001

Percentile

45.5%

JSON

Related for WPVDB-ID:0A60039B-A08A-4F51-A540-59F397DCEB6A