Lucene search

[email protected]CVE-2008-0197

HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0197

2008-01-1000:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0197

cross-site scripting

xss

wp-contactform

wordpress

security

vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wpcf_email, (2) wpcf_subject, (3) wpcf_question, (4) wpcf_answer, (5) wpcf_success_msg, (6) wpcf_error_msg, or (7) wpcf_msg parameter to wp-admin/admin.php, or (8) the SRC attribute of an IFRAME element.

Affected configurations

NVD

Node

wordpresswp-contactformRange≤1.5_alpha

CPENameOperatorVersion
wordpress:wp-contactformwordpress wp-contactformle1.5_alpha

CPE	Name	Operator	Version
wordpress:wp-contactform	wordpress wp-contactform	le	1.5_alpha

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

securityreason.com/securityalert/3539

securityvulns.ru/Sdocument546.html

securityvulns.ru/Sdocument667.html

websecurity.com.ua/1600/

websecurity.com.ua/1641/

www.securityfocus.com/archive/1/485786/100/0/threaded

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2008-0197

cvelist1 nvd1 patchstack1 prion1