CVE-2015-2220 — Cross-site Scripting in Ninja Forms

CWE-79 — Cross-site Scripting4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 58.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ninjaforms Ninja Forms
Timeline
PublishedMar 5
Latest updateMay 14

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDninjaforms/ninja_forms2.8.8

🔴Vulnerability Details

2
GHSA
GHSA-whrh-29g4-mq5m: Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2↗2022-05-14
â–¶
CVEList
CVE-2015-2220: Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2↗2015-03-05
â–¶

💥Exploits & PoCs

1
Exploit-DB
Siemens SIMATIC S7-300 CPU - Remote Denial of Service↗2018-05-30
â–¶
CVE-2015-2220 — Cross-site Scripting in Ninja Forms | cvebase