Filtered by vendor Getperfectsurvey
Subscribe
Search
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24765 | 1 Getperfectsurvey | 1 Perfect Survey | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue | |||||
| CVE-2021-24764 | 1 Getperfectsurvey | 1 Perfect Survey | 2022-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before outputting them back in pages/attributes in the admin dashboard, leading to Reflected Cross-Site Scripting issues | |||||