Lucene search
WpvulndbWPVDB-ID:323D5FD0-ABE8-44EF-9127-EEA6FD4F3F3DHistoryJun 10, 2022 - 12:00 a.m.
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
2022-06-1000:00:00
wpscan.com
6
0.001 Low
EPSS
Percentile
25.0%
The plugin does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
PoC
- Make a test form and then export it to your system. - Edit the file and enter an XSS payload like "
| CPE | Name | Operator | Version |
|---|---|---|---|
| ninja-forms | lt | 3.6.11 |
Related
cvelist
cvelist
nvd
nvd
CVE-2021-25066
2022-07-04 13:15:08
patchstack
patchstack
cnvd
cnvd
WordPress Ninja Forms Contact Form plugin跨站脚本漏洞(CNVD-2022-58230)
2022-07-06 00:00:00
wpexploit
wpexploit
Ninja Forms < 3.6.10 - Admin+ Stored Cross-Site Scripting via Import
2022-06-10 00:00:00
cve
cve
CVE-2021-25066
2022-07-04 13:15:08
prion
prion
Cross site scripting
2022-07-04 13:15:00
openvas
openvas
WordPress Ninja Forms Contact Form Plugin < 3.6.10 Multiple Vulnerabilities
2022-07-05 00:00:00