Lucene search

MitreCVE-2014-6444

HistoryJan 08, 2016 - 9:59 p.m.

CVE-2014-6444

2016-01-0821:59:00

CWE-79

mitre

web.nvd.nist.gov

cve

2014

6444

titan framework

xss

vulnerabilities

wordpress

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.

Affected configurations

Nvd

Node

titan_framework_projecttitan_frameworkRange≤1.5wordpress

VendorProductVersionCPE
titan_framework_projecttitan_framework*cpe:2.3:a:titan_framework_project:titan_framework:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
titan_framework_project	titan_framework	*	cpe:2.3:a:titan_framework_project:titan_framework::::::wordpress::*

References

research.g0blin.co.uk/cve-2014-6444/

wpvulndb.com/vulnerabilities/8233

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

47.4%

JSON

Related for CVE-2014-6444