Lucene search

[email protected]CVE-2014-125097

HistoryApr 10, 2023 - 4:15 a.m.

CVE-2014-125097

2023-04-1004:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve

2014

125097

bestwebsoft

facebook like button

vulnerability

cross-site scripting

remote attack

upgrade

patch

vdb-225354

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.8%

JSON

A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.

Affected configurations

Vulners

NVD

Node

bestwebsoftfacebook_buttonMatch2.0

bestwebsoftfacebook_buttonMatch2.1

bestwebsoftfacebook_buttonMatch2.2

bestwebsoftfacebook_buttonMatch2.3

bestwebsoftfacebook_buttonMatch2.4

bestwebsoftfacebook_buttonMatch2.5

bestwebsoftfacebook_buttonMatch2.6

bestwebsoftfacebook_buttonMatch2.7

bestwebsoftfacebook_buttonMatch2.8

bestwebsoftfacebook_buttonMatch2.9

bestwebsoftfacebook_buttonMatch2.10

bestwebsoftfacebook_buttonMatch2.11

bestwebsoftfacebook_buttonMatch2.12

bestwebsoftfacebook_buttonMatch2.13

bestwebsoftfacebook_buttonMatch2.14

bestwebsoftfacebook_buttonMatch2.15

bestwebsoftfacebook_buttonMatch2.16

bestwebsoftfacebook_buttonMatch2.17

bestwebsoftfacebook_buttonMatch2.18

bestwebsoftfacebook_buttonMatch2.19

bestwebsoftfacebook_buttonMatch2.20

bestwebsoftfacebook_buttonMatch2.21

bestwebsoftfacebook_buttonMatch2.22

bestwebsoftfacebook_buttonMatch2.23

bestwebsoftfacebook_buttonMatch2.24

bestwebsoftfacebook_buttonMatch2.25

bestwebsoftfacebook_buttonMatch2.26

bestwebsoftfacebook_buttonMatch2.27

bestwebsoftfacebook_buttonMatch2.28

bestwebsoftfacebook_buttonMatch2.29

bestwebsoftfacebook_buttonMatch2.30

bestwebsoftfacebook_buttonMatch2.31

bestwebsoftfacebook_buttonMatch2.32

bestwebsoftfacebook_buttonMatch2.33

VendorProductVersionCPE
bestwebsoftfacebook_button2.0cpe:2.3:a:bestwebsoft:facebook_button:2.0:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.1cpe:2.3:a:bestwebsoft:facebook_button:2.1:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.2cpe:2.3:a:bestwebsoft:facebook_button:2.2:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.3cpe:2.3:a:bestwebsoft:facebook_button:2.3:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.4cpe:2.3:a:bestwebsoft:facebook_button:2.4:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.5cpe:2.3:a:bestwebsoft:facebook_button:2.5:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.6cpe:2.3:a:bestwebsoft:facebook_button:2.6:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.7cpe:2.3:a:bestwebsoft:facebook_button:2.7:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.8cpe:2.3:a:bestwebsoft:facebook_button:2.8:*:*:*:*:*:*:*
bestwebsoftfacebook_button2.9cpe:2.3:a:bestwebsoft:facebook_button:2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bestwebsoft	facebook_button	2.0	cpe:2.3:a:bestwebsoft:facebook_button:2.0:::::::*
bestwebsoft	facebook_button	2.1	cpe:2.3:a:bestwebsoft:facebook_button:2.1:::::::*
bestwebsoft	facebook_button	2.2	cpe:2.3:a:bestwebsoft:facebook_button:2.2:::::::*
bestwebsoft	facebook_button	2.3	cpe:2.3:a:bestwebsoft:facebook_button:2.3:::::::*
bestwebsoft	facebook_button	2.4	cpe:2.3:a:bestwebsoft:facebook_button:2.4:::::::*
bestwebsoft	facebook_button	2.5	cpe:2.3:a:bestwebsoft:facebook_button:2.5:::::::*
bestwebsoft	facebook_button	2.6	cpe:2.3:a:bestwebsoft:facebook_button:2.6:::::::*
bestwebsoft	facebook_button	2.7	cpe:2.3:a:bestwebsoft:facebook_button:2.7:::::::*
bestwebsoft	facebook_button	2.8	cpe:2.3:a:bestwebsoft:facebook_button:2.8:::::::*
bestwebsoft	facebook_button	2.9	cpe:2.3:a:bestwebsoft:facebook_button:2.9:::::::*

Rows per page:

1-10 of 341

CNA Affected

[
  {
    "vendor": "BestWebSoft",
    "product": "Facebook Like Button",
    "versions": [
      {
        "version": "2.0",
        "status": "affected"
      },
      {
        "version": "2.1",
        "status": "affected"
      },
      {
        "version": "2.2",
        "status": "affected"
      },
      {
        "version": "2.3",
        "status": "affected"
      },
      {
        "version": "2.4",
        "status": "affected"
      },
      {
        "version": "2.5",
        "status": "affected"
      },
      {
        "version": "2.6",
        "status": "affected"
      },
      {
        "version": "2.7",
        "status": "affected"
      },
      {
        "version": "2.8",
        "status": "affected"
      },
      {
        "version": "2.9",
        "status": "affected"
      },
      {
        "version": "2.10",
        "status": "affected"
      },
      {
        "version": "2.11",
        "status": "affected"
      },
      {
        "version": "2.12",
        "status": "affected"
      },
      {
        "version": "2.13",
        "status": "affected"
      },
      {
        "version": "2.14",
        "status": "affected"
      },
      {
        "version": "2.15",
        "status": "affected"
      },
      {
        "version": "2.16",
        "status": "affected"
      },
      {
        "version": "2.17",
        "status": "affected"
      },
      {
        "version": "2.18",
        "status": "affected"
      },
      {
        "version": "2.19",
        "status": "affected"
      },
      {
        "version": "2.20",
        "status": "affected"
      },
      {
        "version": "2.21",
        "status": "affected"
      },
      {
        "version": "2.22",
        "status": "affected"
      },
      {
        "version": "2.23",
        "status": "affected"
      },
      {
        "version": "2.24",
        "status": "affected"
      },
      {
        "version": "2.25",
        "status": "affected"
      },
      {
        "version": "2.26",
        "status": "affected"
      },
      {
        "version": "2.27",
        "status": "affected"
      },
      {
        "version": "2.28",
        "status": "affected"
      },
      {
        "version": "2.29",
        "status": "affected"
      },
      {
        "version": "2.30",
        "status": "affected"
      },
      {
        "version": "2.31",
        "status": "affected"
      },
      {
        "version": "2.32",
        "status": "affected"
      },
      {
        "version": "2.33",
        "status": "affected"
      }
    ]
  }
]

References

github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c

vuldb.com/?ctiid.225354

vuldb.com/?id.225354

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

34.8%

JSON

Related for CVE-2014-125097

prion1 nvd1 cvelist1