Lucene search

[email protected]CVE-2014-7138

HistoryOct 16, 2014 - 7:55 p.m.

CVE-2014-7138

2014-10-1619:55:00

CWE-79

[email protected]

web.nvd.nist.gov

security

vulnerability

xss

google calendar

wordpress

plugin

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

Cross-site scripting (XSS) vulnerability in the Google Calendar Events plugin before 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the gce_feed_ids parameter in a gce_ajax action to wp-admin/admin-ajax.php.

CPENameOperatorVersion
google_calendar_events_project:google_calendar_eventsgoogle calendar events project google calendar eventsle2.0.3.1

CPE	Name	Operator	Version
google_calendar_events_project:google_calendar_events	google calendar events project google calendar events	le	2.0.3.1

References

packetstormsecurity.com/files/128626/WordPress-Google-Calendar-Events-2.0.1-Cross-Site-Scripting.html

www.securityfocus.com/archive/1/533640/100/0/threaded

www.securityfocus.com/bid/70370

exchange.xforce.ibmcloud.com/vulnerabilities/96867

github.com/pderksen/WP-Google-Calendar-Events/commit/a701ceeb410bdda9d96c9d3d12104630df5d5b43

wordpress.org/plugins/google-calendar-events/changelog

www.htbridge.com/advisory/HTB23235

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.005 Low

EPSS

Percentile

75.8%

JSON

Related for CVE-2014-7138

packetstorm1 zdt1 prion1 wpvulndb1 htbridge1 nessus1 patchstack1 securityvulns2