Source |
CVE Liste |
Identifiant |
4278520 |
Date de publication |
2022-03-14 15:15:09 (vue: 2022-03-14 17:06:08) |
Titre |
CVE-2022-0248 |
Texte |
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission |
Envoyé |
Oui |
Condensat |
0248 2022 additional admins against attacker attacks before contact could cross cve does escape fields form malicious not outputting perform plugin related requests result sanitise scripting site submission submissions them unauthenticated viewing wordpress |
Tags |
|
Stories |
|
Notes |
|
Move |
|