Lucene search

[email protected]CVE-2014-100008

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-100008

2015-01-1311:59:07

CWE-79

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

joomlaskin

multi hotel

plugin

wordpress

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the path parameter.

Affected configurations

NVD

Node

joomlaskinjs_multi_hotelRange≤2.2.1wordpress

CPENameOperatorVersion
joomlaskin:js_multi_hoteljoomlaskin js multi hotelle2.2.1

CPE	Name	Operator	Version
joomlaskin:js_multi_hotel	joomlaskin js multi hotel	le	2.2.1

References

packetstormsecurity.com/files/125959

websecurity.com.ua/7087/

exchange.xforce.ibmcloud.com/vulnerabilities/92207

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2014-100008

patchstack1 wpvulndb1 prion1 nvd1 cvelist1