CVE-2022-38467
Published 2023-01-14
CVE-2022-38467: Reflected Cross-Site Scripting (XSS) vulnerability in CRM Perks Forms – WordPress Form Builder <= 1.1.0 ver.
Priority P333 · medium · 6.1 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 0.81% (52.3th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| crm_perks | crm_perks_forms_wordpress_form_builder | n/a – 1.1.0 | — |
| crmperks | crm_perks_forms | <= 1.1.0 | — |
No detection rules found.
Nuclei
CRM Perks Forms < 1.1.1 - Cross Site Scripting
nuclei·CVSS 6.1
CVE-2022-38467 [MEDIUM] CRM Perks Forms < 1.1.1 - Cross Site Scripting
CRM Perks Forms &LastName=&%20Company= HTTP/1.1
Host: {{Hostname}}
```yaml
matchers:
  - type: dsl
    dsl:
      - 'status_code_1 == 200'
      - 'contains(content_type_2, "text/html")'
      - 'contains(body_1, "CRM Perks Forms") && contains(body_2, "")'
    condition: and
```
No writeups or analysis indexed.
https://patchstack.com/database/vulnerability/crm-perks-forms/wordpress-crm-perks-forms-plugin-1-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
Published: 2023-01-14