CVE-2020-27852: Gravity Forms stored Cross-Site Scripting (XSS) vulnerability in the survey feature
5.4
Basic Information
Technical Details
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
wp-premium/gravityforms | composer | >= 2.4, < 2.4.21 | 2.4.21 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided information describes a stored XSS vulnerability in Gravity Forms' handling of survey textarea fields, but it does not include code examples, commit diffs, or implementation details showing how user input was processed. The vulnerability clearly exists in the survey feature's input handling, but there is no concrete evidence about (1) which specific functions handle textarea input sanitization, (2) which output rendering functions lack proper escaping, or (3) the architecture of Gravity Forms' survey module implementation. Without that evidence, it is impossible to identify the exact vulnerable functions with high confidence. The advisory suggests the vulnerability exists in the processing of textarea fields, but without seeing the pre-patch code or the patch changes, we cannot definitively name specific functions.