CVE-2014-4536
MEDIUM | NUCLEI
Infusionsoft Gravity Forms < 1.5.6 - Cross-Site Scripting via go, contactId, or campaignId Parameter
Title source: llm
Exploitation Summary
CVE-2014-4536 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
Nuclei Templates (1)
Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
MEDIUM, by daffainfo
References (2)
Core References
Exploit, Third Party Advisory (x_refsource_misc): http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss
Release Notes (x_refsource_confirm): http://wordpress.org/plugins/infusionsoft/changelog
Scores
CVSS v3: 6.1
EPSS: 0.0265
EPSS Percentile: 86.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): katz/infusionsoft_gravity_forms < 1.5.6
Published: Dec 27, 2019
Tracked Since: Feb 18, 2026