Stored XSS vulnerability in WS Contact Form

CVE-2024-37537

5.4MEDIUM

Key Information

Vendor: Uusweb.ee
Status: Ws Contact Form
Vendor: CVE Published:; 21 July 2024

Summary

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UusWeb.Ee WS Contact Form allows Stored XSS.This issue affects WS Contact Form: from n/a through 1.3.7.

Affected Version(s)

WS Contact Form <= 1.3.7

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
Jul 21, 2024
Vulnerability Reserved.
Jun 9, 2024

Collectors

NVD DatabaseMitre Database

Credit

younsoung kim (Patchstack Alliance)

SeoHyeon Lee (Patchstack Alliance)

MyungJu Kim (Patchstack Alliance)

SeoHee Kang (Patchstack Alliance)