CVE-2024-23522 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Formidable Forms

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

CNA5.3

EPSS

0.3%

top 46.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Strategy11 Formidable Forms Strategy11 Form Builder Team Formidable Forms

Timeline

PublishedMay 17

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through 6.7.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5strategy11_form_builder_team/formidable_formsn/a — 6.7

▶NVDstrategy11/formidable_forms< 6.7.1

🔴Vulnerability Details

CVEList

WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability↗2024-05-17

▶

GHSA

GHSA-8p46-c7vp-cvj5: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Co↗2024-05-17

▶