Lucene search

[email protected]CVE-2017-2284

HistoryAug 02, 2017 - 4:29 p.m.

CVE-2017-2284

2017-08-0216:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-2284

cross-site scripting

popup maker

vulnerability

web script

html

remote attackers

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners

NVD

Node

popup_makerpopup_makerRange<1.6.5

CPENameOperatorVersion
code-atlantic:popup_makercode-atlantic popup makereq1.0.0
code-atlantic:popup_makercode-atlantic popup makereq1.0.1
code-atlantic:popup_makercode-atlantic popup makereq1.0.2
code-atlantic:popup_makercode-atlantic popup makereq1.0.3
code-atlantic:popup_makercode-atlantic popup makereq1.0.4
code-atlantic:popup_makercode-atlantic popup makereq1.0.5
code-atlantic:popup_makercode-atlantic popup makereq1.1.0
code-atlantic:popup_makercode-atlantic popup makereq1.1.1
code-atlantic:popup_makercode-atlantic popup makereq1.1.2
code-atlantic:popup_makercode-atlantic popup makereq1.1.3

CPE	Name	Operator	Version
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.0
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.1
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.2
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.3
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.4
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.0.5
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.1.0
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.1.1
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.1.2
code-atlantic:popup_maker	code-atlantic popup maker	eq	1.1.3

Rows per page:

1-10 of 661

CNA Affected

[
  {
    "product": "Popup Maker",
    "vendor": "Popup Maker",
    "versions": [
      {
        "status": "affected",
        "version": "prior to version 1.6.5"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN92921024/index.html

plugins.trac.wordpress.org/changeset/1697216/#file3

wordpress.org/plugins/popup-maker/#developers

wpvulndb.com/vulnerabilities/8878

Social References

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2017-2284

nvd1 wpvulndb1 patchstack1 cvelist1 prion1 osv1 jvn1