MidnightBSD

Advisories for contactus

CVE-2014-6445 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
contactus contact_form_7_integrations 1.3.8
contactus contact_form_7_integrations 1.3.3
contactus contact_form_7_integrations 1.3.7
contactus contact_form_7_integrations 1.3.6
contactus contact_form_7_integrations 1.3.4
contactus contact_form_7_integrations 1.3.9
contactus contact_form_7_integrations 1.3.2
contactus contact_form_7_integrations 1.3.5
contactus contact_form_7_integrations 1.3
contactus contact_form_7_integrations 1.3.1
contactus contact_form_7_integrations 1.3.10