CVSS 3.1 Score 7.1 of 10 (high)


Published Mar 27, 2024


CVE-2024-22149 is a vulnerability categorized as "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" (CWE-79). The vulnerability affects the CformsII plugin developed by Oliver Seidel and Bastian Germann. Versions of CformsII from n/a through 15.0.5 are impacted by this issue. The vulnerability allows for stored cross-site scripting (XSS) attacks. The base severity of this vulnerability is rated as HIGH, with a CVSS score of 7.1. Exploiting this vulnerability requires user interaction and has low impact on integrity and confidentiality, but can potentially pose a danger to organizations using the affected plugin on their websites or web applications. To remediate the vulnerability, it is recommended to update CformsII to a version beyond 15.0.5, where the issue has been addressed.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-22149 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options