CVE-2015-2040

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:cfdbplugin:contact_form_db:2.8.26:*:*:*:*:wordpress:*:*

Information

Published : 2015-02-20 08:59

Updated : 2017-09-07 18:29


NVD link : CVE-2015-2040

Mitre link : CVE-2015-2040


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

cfdbplugin

  • contact_form_db