CVE-2021-24134

CVE-2021-24134: Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS

Vendor Unknown

Product Constant Contact Forms

Weakness CWE-79 · XSS

Published March 18, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed.

Key dates

02Disclosure timeline

March 18, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24134

Related vulnerabilities

04Related CVE

CVE-2024-11676 CodeAstro Hospital Management System Add Laboratory Equipment Page his_admin_add_lab_equipment.php cross site scripting CVE-2026-27822 Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover CVE-2025-32019 Harbor's repository description page allows for XSS CVE-2023-4945 Booster for WooCommerce <= 7.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-37177 Cross-Site Scripting (XSS) vulnerabilities in SAP Financial Consolidation