Vulnerabilities > Rocketgenius > Gravityforms > 2.4.17
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-20 | CVE-2020-27852 | Cross-site Scripting vulnerability in Rocketgenius Gravityforms A stored Cross-Site Scripting (XSS) vulnerability in the survey feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via a textarea field. | 3.5 |
| 2021-01-20 | CVE-2020-27851 | Cross-site Scripting vulnerability in Rocketgenius Gravityforms Multiple stored HTML injection vulnerabilities in the "poll" and "quiz" features in an additional paid add-on of Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary HTML code via poll or quiz answers. | 3.5 |
| 2021-01-20 | CVE-2020-27850 | Cross-site Scripting vulnerability in Rocketgenius Gravityforms A stored Cross-Site Scripting (XSS) vulnerability in forms import feature in Rocketgenius Gravity Forms before 2.4.21 allows remote attackers to inject arbitrary web script or HTML via the import of a GF form. | 3.5 |