CVE-2017-2171

CWE-79 — Cross-site Scripting (XSS)CWE-914 documents4 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 53.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bestwebsoft Captcha Bestwebsoft CAR Rental Bestwebsoft Contact Form +51 more

Timeline

PublishedMay 22

Latest updateMay 17

Description

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, F…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages102 packages

▶NVDbestwebsoft/google_captcha_\(recaptcha\)1.27

▶CVEListV5bestwebsoft/google_captcha_(recaptcha)prior to version 1.28

▶NVDbestwebsoft/google_sitemap3.0.7

▶CVEListV5bestwebsoft/google_sitemapprior to version 3.0.8

▶NVDbestwebsoft/google_maps1.3.5

🔴Vulnerability Details

GHSA

GHSA-947h-g3wj-rr28: Cross-site scripting vulnerability in Captcha prior to version 4↗2022-05-17

▶

CVEList

CVE-2017-2171: Cross-site scripting vulnerability in Captcha prior to version 4↗2017-05-22

▶