CVE-2024-29759

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 58.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codepeople Calculated Fields Form

Timeline

PublishedMar 27

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflected XSS.This issue affects Calculated Fields Form: from n/a through 1.2.54.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages2 packages

▶NVDcodepeople/calculated_fields_form< 1.2.55

▶CVEListV5codepeople/calculated_fields_formn/a — 1.2.54

🔴Vulnerability Details

CVEList

WordPress Calculated Fields Form plugin <= 1.2.54 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-03-27

▶

GHSA

GHSA-9qq5-g8qh-67pf: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodePeople Calculated Fields Form allows Reflect↗2024-03-27

▶