CVE-2021-24765

The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
References
Configurations

Configuration 1

cpe:2.3:a:getperfectsurvey:perfect_survey:*:*:*:*:*:wordpress:*:*

Information

Published : 2022-02-01 01:15

Updated : 2022-02-04 05:47


NVD link : CVE-2021-24765

Mitre link : CVE-2021-24765

Products Affected
No products.
CWE