ID CVE-2015-6920Type cveReporter cve@mitre.orgModified 2015-09-17T18:20:00
Description
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
{"id": "CVE-2015-6920", "bulletinFamily": "NVD", "title": "CVE-2015-6920", "description": "Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.", "published": "2015-09-11T20:59:00", "modified": "2015-09-17T18:20:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6920", "reporter": "cve@mitre.org", "references": ["https://wpvulndb.com/vulnerabilities/8169", "http://packetstormsecurity.com/files/133371/WordPress-sourceAFRICA-0.1.3-Cross-Site-Scripting.html"], "cvelist": ["CVE-2015-6920"], "type": "cve", "lastseen": "2019-05-29T18:14:44", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "c98ed44f68488cccd1000c9ece2c9080"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "3cdbf344db3d387bfdfa65206cecc363"}, {"key": "cpe23", "hash": "7a2c3227d5abfbc7ecdfb2432c209d57"}, {"key": "cvelist", "hash": "d9e6166b2467716f3925300ab3fb2788"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "64eabc2507b0e1ce13d3b9484aca7966"}, {"key": "href", "hash": "819d4e381ac27366f80501c3963ff088"}, {"key": "modified", "hash": "69e17db4de11ec811d9bec2d7b519e69"}, {"key": "published", "hash": "5bf8778ce6c1e9a3f5aa1033190a7f32"}, {"key": "references", "hash": "408c1854ebc5e46b1d336b27e76834dc"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "6accdb0b8a38961b243b5c64df472ca0"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "149491b8b8211170beb458cad3cc0f669377c274e23d9cec3b8cb1dbfc13d189", "viewCount": 0, "enchantments": {"score": {"value": 4.1, "vector": "NONE", "modified": "2019-05-29T18:14:44"}, "dependencies": {"references": [{"type": "wpvulndb", "idList": ["WPVDB-ID:8169"]}], "modified": "2019-05-29T18:14:44"}, "vulnersScore": 4.1}, "objectVersion": "1.3", "cpe": ["cpe:/a:sourceafrica_project:sourceafrica:0.1.3"], "affectedSoftware": [{"name": "sourceafrica_project sourceafrica", "operator": "eq", "version": "0.1.3"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:sourceafrica_project:sourceafrica:0.1.3:*:*:*:*:wordpress:*:*"], "cwe": ["CWE-79"]}
{"wpvulndb": [{"lastseen": "2019-08-28T15:45:14", "bulletinFamily": "software", "description": "WordPress Vulnerability - sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)\n", "modified": "2015-09-11T00:00:00", "published": "2015-09-02T00:00:00", "id": "WPVDB-ID:8169", "href": "https://wpvulndb.com/vulnerabilities/8169", "type": "wpvulndb", "title": "sourceAFRICA <= 0.1.3 - Unauthenticated Cross-Site Scripting (XSS)", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
