CVE-2014-6445

2014-09-2621:55:07

CWE-79

mitre

web.nvd.nist.gov

cve-2014-6445

cross-site scripting

xss

contact form 7 integrations

wordpress

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

49.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter.

Affected configurations

Nvd

Node

contactuscontact_form_7_integrationsMatch1.3wordpress

contactuscontact_form_7_integrationsMatch1.3.1wordpress

contactuscontact_form_7_integrationsMatch1.3.2wordpress

contactuscontact_form_7_integrationsMatch1.3.3wordpress

contactuscontact_form_7_integrationsMatch1.3.4wordpress

contactuscontact_form_7_integrationsMatch1.3.5wordpress

contactuscontact_form_7_integrationsMatch1.3.6wordpress

contactuscontact_form_7_integrationsMatch1.3.7wordpress

contactuscontact_form_7_integrationsMatch1.3.8wordpress

contactuscontact_form_7_integrationsMatch1.3.9wordpress

contactuscontact_form_7_integrationsMatch1.3.10wordpress

VendorProductVersionCPE
contactuscontact_form_7_integrations1.3cpe:2.3:a:contactus:contact_form_7_integrations:1.3:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.1cpe:2.3:a:contactus:contact_form_7_integrations:1.3.1:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.2cpe:2.3:a:contactus:contact_form_7_integrations:1.3.2:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.3cpe:2.3:a:contactus:contact_form_7_integrations:1.3.3:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.4cpe:2.3:a:contactus:contact_form_7_integrations:1.3.4:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.5cpe:2.3:a:contactus:contact_form_7_integrations:1.3.5:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.6cpe:2.3:a:contactus:contact_form_7_integrations:1.3.6:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.7cpe:2.3:a:contactus:contact_form_7_integrations:1.3.7:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.8cpe:2.3:a:contactus:contact_form_7_integrations:1.3.8:*:*:*:*:wordpress:*:*
contactuscontact_form_7_integrations1.3.9cpe:2.3:a:contactus:contact_form_7_integrations:1.3.9:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
contactus	contact_form_7_integrations	1.3	cpe:2.3:a:contactus:contact_form_7_integrations:1.3:::::wordpress::
contactus	contact_form_7_integrations	1.3.1	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.1:::::wordpress::
contactus	contact_form_7_integrations	1.3.2	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.2:::::wordpress::
contactus	contact_form_7_integrations	1.3.3	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.3:::::wordpress::
contactus	contact_form_7_integrations	1.3.4	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.4:::::wordpress::
contactus	contact_form_7_integrations	1.3.5	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.5:::::wordpress::
contactus	contact_form_7_integrations	1.3.6	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.6:::::wordpress::
contactus	contact_form_7_integrations	1.3.7	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.7:::::wordpress::
contactus	contact_form_7_integrations	1.3.8	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.8:::::wordpress::
contactus	contact_form_7_integrations	1.3.9	cpe:2.3:a:contactus:contact_form_7_integrations:1.3.9:::::wordpress::