Known Vulnerabilities
CVE-2024-48046
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Supsystic Contact Form by Supsystic allows Stored XSS.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.
MEDIUM
CVSS 5.9
Published Oct 17, 2024
CVE-2024-48042
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Contact Form by Supsystic allows Command Injection.This issue affects Contact Form by Supsystic: from n/a through 1.7.28.
CRITICAL
CVSS 9.1
Published Oct 16, 2024