Katz: >> Infusionsoft Gravity Forms >> 1.4 Security Vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter.
CVSS Score
6.1
EPSS Score
0.023
Published
2019-12-27