What is CVE-2017-20055?

CVE-2017-20055 is a low-severity vulnerability in Bestwebsoft Contact_form, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.5/10. Published 2022-06-16.

How severe is CVE-2017-20055?

Low severity. CVSS v3 base score is 3.5 out of 10.

Is CVE-2017-20055 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

XSS in Bestwebsoft Contact_form

CVE-2017-20055

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely…

EPSS: 0.008 (51.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Bestwebsoft Contact_form — versions 4.0.0
Bestwebsoft Contact Form Plugin — versions 4.0.0

Weakness classification (CWE)

Public proof-of-concept exploits

20142995/nuclei-templates

References

cna@vuldb.com (Exploit, Mailing List, Third Party Advisory, x_refsource_MISC)
cna@vuldb.com (Exploit, Third Party Advisory, x_refsource_MISC)
cna@vuldb.com (Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2017-20055?: CVE-2017-20055 is a low-severity vulnerability in Bestwebsoft Contact_form, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.5/10. Published 2022-06-16.
How severe is CVE-2017-20055?: Low severity. CVSS v3 base score is 3.5 out of 10.
Is CVE-2017-20055 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.