wpvulndb / WPVDB-ID: 2E2E2478-2488-4C91-8AF8-69B07783854F
Author: Koutrouss Naddara
Published: Jan 31, 2022 - 12:00 a.m.

Superforms < 6.0.4 - Reflected Cross-Site Scripting

Source: wpscan.com
Tags: plugin superforms, reflected cross-site scripting, super_language_switcher, ajax action, csrf

EPSS: 0.001 (percentile 17.0%)

The plugin does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back inside an HTML attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action also lacks a CSRF (nonce) check, making the attack easier to perform against any user.
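The two defects described above, shown side by side in a constructed WordPress AJAX handler. This is an added example written for this record, not Super Forms' own code; the function names, the `example_param` parameter and the `example_switcher_nonce` action are placeholders. The vulnerable function reflects a request value straight into an attribute and registers no nonce check; the hardened function verifies the nonce with check_ajax_referer(), sanitizes the input, and escapes on output with esc_attr() so a quote in the value cannot close the attribute.

```php
<?php
// Added example, hypothetical plugin code (not the plugin's own):
// a WordPress AJAX handler that echoes a request parameter into an attribute.

// Vulnerable pattern: no nonce check, and the value lands in an attribute
// unescaped, so a crafted link reflects attacker-controlled markup to any
// visitor who follows it.
function example_switcher_vulnerable() {
    $selected = isset( $_GET['example_param'] ) ? $_GET['example_param'] : '';
    echo '<select name="lang" data-selected="' . $selected . '">';
    echo '</select>';
    wp_die();
}

// Hardened pattern: require a nonce bound to this action (sent as the
// "security" query argument), sanitize the input, and escape on output.
// esc_attr() is the fix for the XSS; the nonce removes the cross-site trigger.
function example_switcher_hardened() {
    check_ajax_referer( 'example_switcher_nonce', 'security' );
    $selected = isset( $_GET['example_param'] )
        ? sanitize_text_field( wp_unslash( $_GET['example_param'] ) )
        : '';
    echo '<select name="lang" data-selected="' . esc_attr( $selected ) . '">';
    echo '</select>';
    wp_die();
}

// Register the hardened handler for logged-in and, if the feature needs it,
// logged-out requests. Both hooks are real WordPress hook names; the
// "example_switcher" action suffix is a placeholder.
add_action( 'wp_ajax_example_switcher', 'example_switcher_hardened' );
add_action( 'wp_ajax_nopriv_example_switcher', 'example_switcher_hardened' );
```

The page that issues the request must embed wp_create_nonce( 'example_switcher_nonce' ) and pass it as the `security` argument; check_ajax_referer() dies with a 403-style response when it is missing or stale. Escaping at the point of output is the control that closes the reflected XSS regardless of where the value came from, so it should be applied even where a nonce is present.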

PoC

