ThreatPress

WordPress Vulnerabilities Database

WordPress Gravity Forms <= 1.9.15.11 - Authenticated Reflected XSS

Product
Gravity Forms
Description
The plugin does not correctly neutralize user-controllable input before placing it in output that is served to users as a web page.
Solution
Update the plugin to version 1.9.16 or later.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
SecLists
CVE
Name CVE-N/A
Versions
Affected In <= 1.9.15.11
Fixed In 1.9.16
Disclosure date
2016-03-01
Credits
Henri Salo
Submitter
ThreatPress