PT-2022-15270 · Unknown · Php Mailform
Apple502J
·
Published
2022-02-08
·
Updated
2022-02-11
·
CVE-2022-22142
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
php mailform versions prior to 1.40
Description
A reflected cross-site scripting issue in the checkbox of php mailform allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
Recommendations
For versions prior to 1.40, update to version 1.40 or later to resolve the issue. As a temporary workaround, consider restricting access to the checkbox feature in php mailform until the update is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php Mailform