Lucene search
HistorySep 02, 2015 - 2:59 p.m.
CVE-2015-6805
cve
2015
6805
cross-site scripting
xss
vulnerability
mdc
private message
plugin
wordpress
remote
authenticated
users
web script
html
message field.
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.5%
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
Affected configurations
Node
medhabidotcommdc_private_messageMatch1.0.0wordpress
| CPE | Name | Operator | Version |
|---|---|---|---|
| medhabidotcom:mdc_private_message | medhabidotcom mdc private message | eq | 1.0.0 |
Related
nvd
nvd
CVE-2015-6805
2015-09-02 14:59:06
cvelist
cvelist
CVE-2015-6805
2015-09-02 14:00:00
prion
prion
Cross site scripting
2015-09-02 14:59:00
wpvulndb
wpvulndb
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
45.5%
Related for CVE-2015-6805