Lucene search

[email protected]CVE-2017-2285

HistoryAug 02, 2017 - 4:29 p.m.

CVE-2017-2285

2017-08-0216:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2017-2285

cross-site scripting

simple custom css and js

remote code injection

html vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.6%

JSON

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq3.3
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq2.1
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq2.2
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq2.4
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq1.1
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq2.9
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq2.3
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq1.2
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq3.0
silkypress:simple_custom_css_and_jssilkypress simple custom css and jseq1.6

CPE	Name	Operator	Version
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	3.3
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	2.1
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	2.2
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	2.4
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	1.1
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	2.9
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	2.3
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	1.2
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	3.0
silkypress:simple_custom_css_and_js	silkypress simple custom css and js	eq	1.6

Rows per page:

1-10 of 221

References

jvn.jp/en/jp/JVN31459091/index.html

plugins.trac.wordpress.org/changeset/1695440/#file6

wordpress.org/plugins/custom-css-js/#developers

wpvulndb.com/vulnerabilities/8879

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

50.6%

JSON

Related for CVE-2017-2285

prion1 wpvulndb1 patchstack1 jvn1