6.1
CVE-2024-29220
- EPSS 0.45%
- Veröffentlicht 11.04.2024 03:15:09
- Zuletzt bearbeitet 08.04.2025 15:19:15
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
LoginNinja Forms – The Contact Form Builder That Grows With You <= 3.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
Mögliche Gegenmaßnahme
Ninja Forms – The Contact Form Builder That Grows With You: Update to version 3.8.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ninjaforms ≫ Ninja Forms SwPlatformwordpress Version < 3.8.1
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Ninja Forms – The Contact Form Builder That Grows With You
Version
*-3.8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.36 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://jvn.jp/en/jp/JVN50361500/
https://ninjaforms.com/
https://wordpress.org/plugins/ninja-forms/
https://www.wordfence.com/threat-intel/vulnerabilities/id/cae15a1c-63bc-4349-aba3-7f34737d6045