CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-20053 – XYZScripts Contact Form Manager Plugin cross-site request forgery
https://notcve.org/view.php?id=CVE-2017-20053
01 Mar 2017 — A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. • http://seclists.org/fulldisclosure/2017/Feb/99 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2017-20054 – XYZScripts Contact Form Manager Plugin cross site scriting
https://notcve.org/view.php?id=CVE-2017-20054
01 Mar 2017 — A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. • http://seclists.org/fulldisclosure/2017/Feb/99 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •