ID CVE-2014-4554Type cveReporter cve@mitre.orgModified 2015-08-28T16:26:00
Description
Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.
{"id": "CVE-2014-4554", "bulletinFamily": "NVD", "title": "CVE-2014-4554", "description": "Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.", "published": "2014-07-02T20:55:00", "modified": "2015-08-28T16:26:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4554", "reporter": "cve@mitre.org", "references": ["http://wordpress.org/plugins/ss-downloads/changelog", "http://codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss", "http://www.securityfocus.com/bid/65141"], "cvelist": ["CVE-2014-4554"], "type": "cve", "lastseen": "2019-05-29T18:13:47", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "47a45b871ca852abc4f41506730e1860"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "aee9db7fd309378858aa509ee8fd9e05"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "1425991d2fa3a25f19244e937c670ee4"}, {"key": "href", "hash": "ecbfbe3f70078db5e3cf6e1e3ab53123"}, {"key": "modified", "hash": "2ead3ec3b3334e47b3707a01894002b5"}, {"key": "published", "hash": "2403e7306dd24b21d8722cd075cbaddd"}, {"key": "references", "hash": "1377b70df778e50aa63b5b7be35e8f6a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "d6b7411fdbcde79778bdfedc69ceea64"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "86e2c4eebca0b965f9a0515e78dd6ef6fe1c5f180d5d6f67b629940e160467d5", "viewCount": 0, "enchantments": {"score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:13:47"}, "dependencies": {"references": [{"type": "wpvulndb", "idList": ["WPVDB-ID:7092"]}], "modified": "2019-05-29T18:13:47"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "ss_downloads_project ss_downloads", "operator": "le", "version": "1.4.4.1"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": [], "cwe": ["CWE-79"]}
{"wpvulndb": [{"lastseen": "2019-08-21T19:38:53", "bulletinFamily": "software", "description": "WordPress Vulnerability - SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS\n", "modified": "2019-08-21T00:00:00", "published": "2014-08-01T00:00:00", "id": "WPVDB-ID:7092", "href": "https://wpvulndb.com/vulnerabilities/7092", "type": "wpvulndb", "title": "SS Downloads 1.4.4.1 - services/getfile.php file Parameter XSS", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
