CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13423

Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.9%

CVSS Severity

CVSS v3 Score 4.8

CVSS v2 Score 3.5

References

https://anothernetsecblog.com
https://anothernetsecblog.com/magento-2-extension-security/
https://landofcoder.com/magento-2-form-builder.html
https://anothernetsecblog.com
https://anothernetsecblog.com/magento-2-extension-security/
https://landofcoder.com/magento-2-form-builder.html

Products affected by CVE-2020-13423

Form Builder For Magento 2 Project » Form Builder For Magento 2 » Version: 2.1.0

cpe:2.3:a:form_builder_for_magento_2_project:form_builder_for_magento_2:2.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13423

Products

Pricing

Contact Us