Lucene search

[email protected]CVE-2014-100023

HistoryJan 13, 2015 - 3:59 p.m.

CVE-2014-100023

2015-01-1315:59:12

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-100023

xss

mtouch quiz

wordpress

nvd

security vulnerability

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php.

Affected configurations

NVD

Node

mtouch_quiz_projectmtouch_quizRange≤3.0.6wordpress

CPENameOperatorVersion
mtouch_quiz_project:mtouch_quizmtouch quiz project mtouch quizle3.0.6

CPE	Name	Operator	Version
mtouch_quiz_project:mtouch_quiz	mtouch quiz project mtouch quiz	le	3.0.6

References

secunia.com/advisories/57491

exchange.xforce.ibmcloud.com/vulnerabilities/91949

exchange.xforce.ibmcloud.com/vulnerabilities/91950

security.dxw.com/advisories/admin-xss-and-sqli-in-mtouch-quiz-3-0-6/

wordpress.org/plugins/mtouch-quiz/changelog/

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2014-100023

patchstack1 wpvulndb1 prion1 nvd1 cvelist1