Lucene search

MitreCVE-2017-17451

HistoryDec 07, 2017 - 12:29 a.m.

CVE-2017-17451

2017-12-0700:29:00

CWE-79

mitre

web.nvd.nist.gov

wp mailster

wordpress

xss

unsubscribe handler

mes parameter

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.2%

JSON

The WP Mailster plugin before 1.5.5 for WordPress has XSS in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php.

Affected configurations

Nvd

Node

wpmailsterwp_mailsterRange<1.5.5wordpress

VendorProductVersionCPE
wpmailsterwp_mailster*cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpmailster	wp_mailster	*	cpe:2.3:a:wpmailster:wp_mailster::::::wordpress::*

References

packetstormsecurity.com/files/145222/WordPress-WP-Mailster-1.5.4.0-Cross-Site-Scripting.html

wordpress.org/plugins/wp-mailster/#developers

wpvulndb.com/vulnerabilities/8973

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

55.2%

JSON

Related for CVE-2017-17451