CVE-2023-51695 — Cross-site Scripting in Everest Forms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

CNA5.9

EPSS

0.1%

top 81.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wpeverest Everest Forms

Timeline

PublishedFeb 1

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease! allows Stored XSS.This issue affects Everest Forms – Build Contact Forms, Surveys, Polls, Application Forms, and more with Ease!: from n/a through 2.0.4.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

▶NVDwpeverest/everest_forms2.0.4.1

🔴Vulnerability Details

GHSA

GHSA-xww7-5f37-vrcg: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPEverest Everest Forms – Build Contact Forms, S↗2024-02-01

▶

CVEList

WordPress Everest Forms Plugin <= 2.0.4.1 is vulnerable to Cross Site Scripting (XSS)↗2024-02-01

▶