Lucene search

Larry_cashdollarCVE-2018-1002004

HistoryDec 03, 2018 - 4:29 p.m.

CVE-2018-1002004

2018-12-0316:29:00

CWE-79

larry_cashdollar

web.nvd.nist.gov

cve

2018

1002004

reflected xss

wordpress

arigato autoresponder

administrative privileges

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

48.1%

JSON

There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.

Affected configurations

Nvd

Node

kibokolabsarigato_autoresponder_and_newsletterMatch2.5.1.8wordpress

VendorProductVersionCPE
kibokolabsarigato_autoresponder_and_newsletter2.5.1.8cpe:2.3:a:kibokolabs:arigato_autoresponder_and_newsletter:2.5.1.8:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
kibokolabs	arigato_autoresponder_and_newsletter	2.5.1.8	cpe:2.3:a:kibokolabs:arigato_autoresponder_and_newsletter:2.5.1.8:::::wordpress::

CNA Affected

[
  {
    "product": "Arigato Autoresponder and Newsletter",
    "vendor": "Kiboko Labs https://calendarscripts.info/",
    "versions": [
      {
        "lessThanOrEqual": "2.5.1.8",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]