Skip to content

Potential XSS injection with contact form

Low
PierreRambaud published GHSA-5cp2-r794-w37w Sep 24, 2020

Package

No package listed

Affected versions

> 1.6.0.4

Patched versions

1.7.6.8

Description

Impact

An attacker is able to inject javascript while using the contact form.

Patches

The problem is fixed in 1.7.6.8

References

Cross-site Scripting (XSS) - Stored (CWE-79)

Severity

Low

CVE ID

CVE-2020-15161

Weaknesses

No CWEs

Credits