Lucene search

MitreCVELIST:CVE-2014-8622

HistoryOct 03, 2022 - 4:20 p.m.

CVE-2014-8622

2022-10-0316:20:37

mitre

www.cve.org

cve-2014-8622

cross-site scripting

compfight plugin

wordpress

authenticated users

remote injection

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.5%

JSON

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.

References

downloads.wordpress.org/plugin/compfight.1.5.zip

packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html

wordpress.org/plugins/compfight/changelog/