CVE-2022-25601 — Cross-site Scripting in Contact Form X

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 43.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Plugin-planet Contact Form X Jeff Starr Contact Form X Fedoraproject Fedora

Timeline

PublishedMar 11

Latest updateMar 12

Description

Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDplugin-planet/contact_form_x< 2.4.1

▶CVEListV5jeff_starr/contact_form_x2.4

Also affects: Fedora 34, 35, 36

🔴Vulnerability Details

GHSA

GHSA-fcqr-c4cw-mhmv: Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2↗2022-03-12

▶