CVE-2024-25593 — Cross-site Scripting in Nex-forms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.1%

top 76.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basixonline Nex-forms Basix Nex-forms Ultimate Form Builder

Timeline

PublishedMar 15

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5basix/nex-forms_ultimate_form_buildern/a — 8.5.5

▶NVDbasixonline/nex-forms< 8.5.6

🔴Vulnerability Details

GHSA

GHSA-cmmr-m837-c539: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows S↗2024-03-15

▶

CVEList

WordPress NEX-Forms plugin <= 8.5.5 - Cross Site Scripting (XSS) vulnerability↗2024-03-15

▶