Lucene search

MitreCVE-2015-6238

HistorySep 21, 2015 - 7:59 p.m.

CVE-2015-6238

2015-09-2119:59:01

CWE-79

mitre

web.nvd.nist.gov

cve-2015-6238

xss

google analyticator

plugin

wordpress

remote attack

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php.

Affected configurations

Nvd

Node

sumomegoogle_analyticatorRange≤6.4.9.5wordpress

VendorProductVersionCPE
sumomegoogle_analyticator*cpe:2.3:a:sumome:google_analyticator:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
sumome	google_analyticator	*	cpe:2.3:a:sumome:google_analyticator::::::wordpress::*

References

wordpress.org/plugins/google-analyticator/changelog/

wpvulndb.com/vulnerabilities/8159

www.netsparker.com/cve-2015-6238-multiple-xss-vulnerabilities-in-google-analyticator/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for CVE-2015-6238