What is CVE-2015-2220?

CVE-2015-2220 is a vulnerability in Ninjaforms Ninja_forms, classified under Cross-site Scripting. Published 2015-03-05.

Is CVE-2015-2220 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Ninjaforms Ninja_forms

CVE-2015-2220

Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit a…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.002 (41.8th percentile) — read the EPSS interpretation.

Affected products

Ninjaforms Ninja_forms
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

Public proof-of-concept exploits

20142995/nuclei-templates

References

74857 (vdb-entry, x_refsource_BID)
20150211 Ninja Forms WordPress Plugin Multiple Cross-Site Scripting Vulnerability (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (Exploit, x_refsource_MISC)

Frequently asked questions

What is CVE-2015-2220?: CVE-2015-2220 is a vulnerability in Ninjaforms Ninja_forms, classified under Cross-site Scripting. Published 2015-03-05.
Is CVE-2015-2220 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.