CVE-2023-2701
EUVD-2023-3416517.07.2023, 14:15
The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| mediaburst | gravity_forms | 𝑥 < 2.7.5 |
𝑥
= Vulnerable software versions