CVE-2024-37512 — Cross-site Scripting in Nex-forms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

CNA6.5

EPSS

0.3%

top 50.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Basixonline Nex-forms Basix Nex-forms Ultimate Form Builder

Timeline

PublishedJul 21

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS.This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5basix/nex-forms_ultimate_form_buildern/a — 8.5.10

▶NVDbasixonline/nex-forms< 8.6.1

🔴Vulnerability Details

CVEList

WordPress NEX-Forms – Ultimate Form Builder plugin <= 8.5.10 - Cross Site Scripting (XSS) vulnerability↗2024-07-21

▶

GHSA

GHSA-ww2r-cpjx-g6vr: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder a↗2024-07-21

▶