CVE-2024-43999

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.2%

top 56.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ninjaforms Ninja Forms Saturday Drive Ninja Forms

Timeline

PublishedSep 18

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:LExploitability: 1.7 | Impact: 3.7

Affected Packages2 packages

▶CVEListV5saturday_drive/ninja_formsn/a — 3.8.11

▶NVDninjaforms/ninja_forms< 3.8.12

🔴Vulnerability Details

GHSA

GHSA-89wx-jg4g-8p8g: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored↗2024-09-18

▶

CVEList

WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability↗2024-09-17

▶