VYPR

Simpleforum

by Simpleforum

CVEs (2)

  • CVE-2024-10883MedNov 16, 2024
    risk 0.40cvss 6.1epss 0.00

    The SimpleForm – Contact form made simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.0. This makes it possible for…

  • CVE-2007-6616Jan 3, 2008
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information.