Lucene search

[email protected]CVE-2008-1061

HistoryFeb 28, 2008 - 7:44 p.m.

CVE-2008-1061

2008-02-2819:44:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-1061

cross-site scripting

xss vulnerabilities

sniplets plugin

wordpress

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and © inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.

Affected configurations

NVD

Node

wordpresssniplets_pluginMatch1.1.2

wordpresssniplets_pluginMatch1.2.2

CPENameOperatorVersion
wordpress:sniplets_pluginwordpress sniplets plugineq1.1.2
wordpress:sniplets_pluginwordpress sniplets plugineq1.2.2

CPE	Name	Operator	Version
wordpress:sniplets_plugin	wordpress sniplets plugin	eq	1.1.2
wordpress:sniplets_plugin	wordpress sniplets plugin	eq	1.2.2

References

secunia.com/advisories/29099

securityreason.com/securityalert/3706

www.securityfocus.com/archive/1/488734/100/0/threaded

www.securityfocus.com/bid/27985

exchange.xforce.ibmcloud.com/vulnerabilities/40830

www.exploit-db.com/exploits/5194

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2008-1061

cvelist1 nvd1 patchstack1 nuclei1 prion1 wpvulndb1