CVE-2024-50515 — Cross-site Scripting in Stover Ninja Forms

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.2%

top 59.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kevin Stover Ninja Forms Ninjaforms Ninja Forms

Timeline

PublishedNov 19

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kevin Stover Ninja Forms ninja-forms allows Stored XSS.This issue affects Ninja Forms: from n/a through <= 3.8.16.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5kevin_stover/ninja_forms3.8.16

▶NVDninjaforms/ninja_forms3.8.16

🔴Vulnerability Details

GHSA

GHSA-xqj5-wxw2-5ww9: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS↗2024-11-19

▶

CVEList

WordPress Ninja Forms – The Contact Form Builder That Grows With You plugin <= 3.8.16 - Cross Site Scripting (XSS) vulnerability↗2024-11-19

▶