Ninja Forms Contact Form 漏洞信息(CVE-2023-5530)

关于 CVE-2023-5530 的漏洞信息

1. 漏洞描述

From NVD

The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue

From 神龙GPT ^(AIGC)

神龙GPT 暂无描述信息（请耐心等待）

2. 漏洞评分(CVSS)

From NVD

NVD 暂无评分

From 神龙GPT ^(AIGC)

神龙GPT暂无评分（请耐心等待）

3. 漏洞类别

From NVD

NVD 暂无漏洞类别信息

From 神龙GPT ^(AIGC)

神龙GPT 暂无漏洞类别信息（请耐心等待）

Reference

https://ninjaforms.com/blog/saturday-drive-x-edition/
https://wpscan.com/vulnerability/a642f313-cc3e-4d75-b207-1dceb6a7fbae
https://nvd.nist.gov/vuln/detail/CVE-2023-5530

关于 CVE-2023-5530 的漏洞信息

1. 漏洞描述

From NVD

From 神龙GPT (AIGC)

2. 漏洞评分(CVSS)

From NVD

From 神龙GPT (AIGC)

3. 漏洞类别

From NVD

From 神龙GPT (AIGC)

Reference

From 神龙GPT ^(AIGC)

From 神龙GPT ^(AIGC)

From 神龙GPT ^(AIGC)