CVE-2017-20192 - CERT CVE

  1. CVE-2017-20192

ID CVE-2017-20192
Sažetak The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute in a victim's browser.
Reference
CVSS
Base: 8.3
Impact: 3.7
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
LOW LOW LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Zadnje važnije ažuriranje 23-12-2025 - 15:47
Objavljeno 16-10-2024 - 07:15