Lucene search

MitreCVE-2014-4587

HistoryJul 02, 2014 - 6:55 p.m.

CVE-2014-4587

2014-07-0218:55:10

CWE-79

mitre

web.nvd.nist.gov

cve-2014-4587

xss

wp guestmap

plugin

vulnerabilities

wordpress

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap plugin 1.8 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) zl, (2) mt, or (3) dc parameter to guest-locator.php; the (4) zl, (5) mt, (6) activate, or (7) dc parameter to online-tracker.php; the (8) zl, (9) mt, or (10) dc parameter to stats-map.php; or the (11) zl, (12) mt, (13) activate, or (14) dc parameter to weather-map.php.

Affected configurations

Nvd

Node

wp_guestmap_projectwp_guestmap_projectRange≤1.8---wordpress

VendorProductVersionCPE
wp_guestmap_projectwp_guestmap_project*cpe:2.3:a:wp_guestmap_project:wp_guestmap_project:*:-:-:*:-:wordpress:*:*

Vendor	Product	Version	CPE
wp_guestmap_project	wp_guestmap_project	*	cpe:2.3:a:wp_guestmap_project:wp_guestmap_project::-:-::-:wordpress::

References

codevigilant.com/disclosure/wp-plugin-wp-guestmap-a3-cross-site-scripting-xss

www.securityfocus.com/bid/68403

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for CVE-2014-4587