CVE-2017-20055 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Contact Form Plugin

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA3.5

EPSS

0.3%

top 49.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bestwebsoft Contact Form Plugin Bestwebsoft Contact Form

Timeline

PublishedJun 16

Latest updateJun 17

Description

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5bestwebsoft/contact_form_plugin4.0.0

▶NVDbestwebsoft/contact_form4.0.0

🔴Vulnerability Details

GHSA

GHSA-4g9g-f7m3-gwjm: A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4↗2022-06-17

▶

CVEList

BestWebSoft Contact Form Plugin Stored cross site scriting↗2022-06-16

▶