Lucene search

MitreCVE-2018-7543

HistoryMar 26, 2018 - 6:29 p.m.

CVE-2018-7543

2018-03-2618:29:01

CWE-79

mitre

web.nvd.nist.gov

cve

2018

7543

cross-site scripting

xss

snapcreek duplicator

wordpress

vulnerability

remote

javascript

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

60.7%

JSON

Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.

Affected configurations

Nvd

Node

snapcreekduplicatorMatch1.2.32litewordpress

VendorProductVersionCPE
snapcreekduplicator1.2.32cpe:2.3:a:snapcreek:duplicator:1.2.32:*:*:*:lite:wordpress:*:*

Vendor	Product	Version	CPE
snapcreek	duplicator	1.2.32	cpe:2.3:a:snapcreek:duplicator:1.2.32::::lite:wordpress::*

References

snapcreek.com/duplicator/docs/changelog/?lite

www.exploit-db.com/exploits/44288/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

60.7%

JSON

Related for CVE-2018-7543