Lucene search

[email protected]CVE-2014-9570

HistoryJan 15, 2015 - 3:59 p.m.

CVE-2014-9570

2015-01-1515:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-9570

xss

mywebsiteadvisor

simple security plugin

wordpress

vulnerability

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.

CPENameOperatorVersion
mywebsiteadvisor:simple_securitymywebsiteadvisor simple securityeq1.1.5

CPE	Name	Operator	Version
mywebsiteadvisor:simple_security	mywebsiteadvisor simple security	eq	1.1.5

References

www.securityfocus.com/archive/1/534477/100/0/threaded

www.htbridge.com/advisory/HTB23244

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

51.6%

JSON

Related for CVE-2014-9570

securityvulns2 htbridge1 patchstack1 packetstorm1 zdt1 wpvulndb1 prion1