Lucene search

MitreCVE-2014-4539

HistoryDec 27, 2019 - 7:15 p.m.

CVE-2014-4539

2019-12-2719:15:11

CWE-79

mitre

web.nvd.nist.gov

128

cve

2014

4539

cross-site scripting

xss

movies plugin

wordpress

remote attackers

web script

html

filename parameter

getid3

demos

demo.mimeonly.php

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.0%

JSON

Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php.

Affected configurations

Nvd

Node

movies_projectmoviesRange≤0.6wordpress

VendorProductVersionCPE
movies_projectmovies*cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
movies_project	movies	*	cpe:2.3:a:movies_project:movies::::::wordpress::*

References

codevigilant.com/disclosure/wp-plugin-movies-a3-cross-site-scripting-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.0%

JSON

Related for CVE-2014-4539