CVE-2023-49188

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Jul 8, 2024

CWE ID 79

Summary

CVE-2023-49188 is a Cross-site Scripting (XSS) vulnerability affecting Track Geolocation Of Users Using Contact Form 7, from version n/a through 2.0. This issue arises due to improper neutralization of user input during web page generation. Cybercriminals can exploit this flaw to inject malicious scripts into a webpage viewed by other users, potentially stealing sensitive information or taking control of their browsers. The vulnerability poses a significant risk, emphasizing the importance of updating to the latest version of Contact Form 7 to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/thoCEA
https://www.cve.org/CVERecord?id=CVE-2023-49188
https://nvd.nist.gov/vuln/detail/CVE-2023-49188

Back to Vulnerability Database

CVE-2023-49188

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations