CVE-2017-1000033

MEDIUM

Wordpress Plugin Vospari Forms < 1.4 - XSS

Title source: llm

Description

Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.

References (2)

[Exploit, Third Party Advisory] https://cjc.im/advisories/0007/

[Third Party Advisory, VDB Entry] https://wpvulndb.com/vulnerabilities/8862

Scores

CVSS v3 6.1

EPSS 0.0245

EPSS Percentile 85.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

vospari_forms_project/vospari_forms < 1.3

n/a/n/a

Published Jul 17, 2017

Tracked Since Feb 18, 2026