Lucene search

K
cve[email protected]CVE-2015-2315
HistoryMar 17, 2015 - 3:59 p.m.

CVE-2015-2315

2015-03-1715:59:04
CWE-79
web.nvd.nist.gov
30
cve-2015-2315
cross-site scripting
xss
wpml plugin
wordpress
nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.5%

Cross-site scripting (XSS) vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the target parameter in a reminder_popup action to the default URI.

Affected configurations

NVD
Node
wpmlwpmlRange3.1.8wordpress
CPENameOperatorVersion
wpml:wpmlwpmlle3.1.8

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.011 Low

EPSS

Percentile

84.5%