CVE-2024-43220

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 36.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

10web Form Maker 10web Form Builder Team Form Maker BY 10web

Timeline

PublishedAug 12

Latest updateAug 13

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Reflected XSS.This issue affects Form Maker by 10Web: from n/a through 1.15.26.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.7

Affected Packages2 packages

▶CVEListV510web_form_builder_team/form_maker_by_10webn/a — 1.15.26

▶NVD10web/form_maker< 1.15.27

🔴Vulnerability Details

GHSA

GHSA-m5gc-px62-qc98: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 10Web Form Builder Team Form Maker by 10W↗2024-08-13

▶

CVEList

WordPress Form Maker by 10Web plugin <= 1.15.26 - Reflected Cross Site Scripting (XSS) vulnerability↗2024-08-12

▶