Lucene search

[email protected]CVE-2015-2040

HistoryFeb 20, 2015 - 4:59 p.m.

CVE-2015-2040

2015-02-2016:59:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-2040

cross-site scripting

xss

contact form db

cfdb

contact-form-7-to-database-extension

wordpress

remote code execution

web security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin 2.8.26 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit_time parameter in the CF7DBPluginSubmissions page to wp-admin/admin.php.

Affected configurations

NVD

Node

cfdbplugincontact_form_dbMatch2.8.26wordpress

CPENameOperatorVersion
cfdbplugin:contact_form_dbcfdbplugin contact form dbeq2.8.26

CPE	Name	Operator	Version
cfdbplugin:contact_form_db	cfdbplugin contact form db	eq	2.8.26

References

packetstormsecurity.com/files/130311/WordPress-Contact-Form-DB-2.8.26-Cross-Site-Scripting.html

exchange.xforce.ibmcloud.com/vulnerabilities/100818

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

52.1%

JSON

Related for CVE-2015-2040

prion1 patchstack1 cvelist1 nvd1 checkpoint_advisories1 wpvulndb1 kaspersky1