The Perfect Survey WordPress plugin up to and including 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is turned off, leading to a Stored Cross-Site Scripting issue
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
getperfectsurvey perfect survey |