ID CVE-2015-6238 Type cve Reporter NVD Modified 2015-09-23T15:12:56
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.
{"reporter": "NVD", "enchantments": {"vulnersScore": 4.3}, "published": "2015-09-21T15:59:01", "cvelist": ["CVE-2015-6238"], "title": "CVE-2015-6238", "objectVersion": "1.2", "type": "cve", "hash": "c241e5ce75c92dbb0dbc59c4713dbb40f41df8622a8c6f3fff54cdf77f428f84", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6238", "bulletinFamily": "NVD", "id": "CVE-2015-6238", "history": [], "scanner": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "modified": "2015-09-23T15:12:56", "viewCount": 0, "cpe": ["cpe:/a:sumome:google_analyticator:6.4.9.5::~~~wordpress~~"], "edition": 1, "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.", "references": ["https://wordpress.org/plugins/google-analyticator/changelog/", "https://wpvulndb.com/vulnerabilities/8159", "https://www.netsparker.com/cve-2015-6238-multiple-xss-vulnerabilities-in-google-analyticator/"], "lastseen": "2016-09-03T23:02:38", "assessment": {"system": "", "name": "", "href": ""}}