CVE-2024-29220:

0.0 CVSS

Description

Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.

Classification

CVE ID: CVE-2024-29220

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Saturday Drive

Product: Ninja Forms

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wordpress.org/plugins/ninja-forms/
https://ninjaforms.com/
https://jvn.jp/en/jp/JVN50361500/

Timeline

2024-11-27 14:52:08 UTC
CVE