Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.
References
Configurations
Information
Published : 2015-02-20 08:59
Updated : 2017-09-07 18:29
NVD link : CVE-2015-2040
Mitre link : CVE-2015-2040
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
cfdbplugin
- contact_form_db