CVE-2024-29220: XSS
First published: Thu Apr 11 2024(Updated: )
Ninja Forms prior to 3.8.1 contains a cross-site scripting vulnerability in custom fields for labels. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing to the website using the product.
Credit: vultures@jpcert.or.jp
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ninja Forms | <3.8.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-29220?
CVE-2024-29220 is classified as a cross-site scripting (XSS) vulnerability with a medium severity level.
How do I fix CVE-2024-29220?
To fix CVE-2024-29220, update Ninja Forms to version 3.8.1 or later.
What kind of attack is enabled by CVE-2024-29220?
CVE-2024-29220 enables an attacker to execute arbitrary scripts in the browser of users accessing the affected website.
Which versions of Ninja Forms are affected by CVE-2024-29220?
Ninja Forms versions prior to 3.8.1 are vulnerable to CVE-2024-29220.
What components of Ninja Forms are impacted by CVE-2024-29220?
CVE-2024-29220 specifically affects custom fields for labels within the Ninja Forms plugin.
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ninja forms
- canonical/ninja forms