1 results (0.001 seconds)
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13423
https://notcve.org/view.php?id=CVE-2020-13423
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. Form Builder versión 2.1.0, para Magento presenta múltiples problemas de tipo XSS, que pueden ser explotados en las cuentas de administrador de Magento 2 por medio del campo Current_url o email, o el encabezado HTTP User-Agent • https://anothernetsecblog.com https://anothernetsecblog.com/magento-2-extension-security https://landofcoder.com/magento-2-form-builder.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •