CVE-2020-8594 β€” Cross-site Scripting in Ninja Forms

CWE-79 β€” Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
EPSS
0.9%
top 24.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ninjaforms Ninja Forms
Timeline
PublishedFeb 14
Latest updateMay 24

Description

The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[recaptcha_site_key], ninja_forms[recaptcha_secret_key], ninja_forms[recaptcha_lang], or ninja_forms[date_format].

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

β–ΆNVDninjaforms/ninja_forms3.4.22

πŸ”΄Vulnerability Details

2
GHSA
GHSA-r659-m5mg-23ch: The Ninja Forms plugin 3β†—2022-05-24
β–Ά
CVEList
CVE-2020-8594: The Ninja Forms plugin 3β†—2020-02-14
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2019-8594 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08
β–Ά
CVE-2020-8594 β€” Cross-site Scripting in Ninja Forms | cvebase