Lucene search

MitreCVE-2014-8758

HistoryOct 06, 2017 - 2:29 p.m.

CVE-2014-8758

2017-10-0614:29:00

CWE-79

mitre

web.nvd.nist.gov

cve

2014

8758

xss

vulnerability

best gallery albums plugin

wordpress

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.0%

JSON

Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gallery_album_sorting page to wp-admin/admin.php.

Affected configurations

Nvd

Node

tech-bankergallery_bankRange≤3.0.69wordpress

VendorProductVersionCPE
tech-bankergallery_bank*cpe:2.3:a:tech-banker:gallery_bank:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
tech-banker	gallery_bank	*	cpe:2.3:a:tech-banker:gallery_bank::::::wordpress::*

References

g0blin.co.uk/cve-2014-8758/

wpvulndb.com/vulnerabilities/8236

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.0%

JSON

Related for CVE-2014-8758