Filtered by vendor Super-forms
Subscriptions
Filtered by product Super Forms
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0402 | 1 Super-forms | 1 Super Forms | 2024-11-21 | 6.1 Medium |
| The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking CSRF, making the attack easier to perform against any user. | ||||
Page 1 of 1.