HTML Injection Vulnerability in Repute InfoSystems ARForms Form Builder
CVE-2024-54223

5.3MEDIUM

Key Information:

Vendor: WordPress
Status: Arforms Form Builder
Vendor: CVE Published:; 9 December 2024

What is CVE-2024-54223?

The ARForms Form Builder by Repute InfoSystems contains an HTML injection vulnerability that allows attackers to exploit the improper neutralization of script-related HTML tags in web pages. This vulnerability can lead to code injection, enabling malicious actors to execute scripts in the context of the user’s browser. Such exploits can compromise user data, facilitate phishing attacks, and damage the integrity of the affected website. Websites utilizing ARForms Form Builder, particularly versions up to 1.7.1, should apply immediate security measures to mitigate potential risks associated with this vulnerability.

Affected Version(s)

ARForms Form Builder 0 <= 1.7.1

References

https://patchstack.com/database/Wordpress/Plugin/arforms-...

vdb-entry

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024

CVE-2024-54223 Data

JSON

WordPress

What is CVE-2024-54223?

Affected Version(s)

References

CVSS V3.1

Timeline