Lucene search

[email protected]NVD:CVE-2014-4596

HistoryJul 02, 2014 - 6:55 p.m.

CVE-2014-4596

2014-07-0218:55:10

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in js/button-snapapp.php in the SnapApp plugin 1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) msg or (2) act parameter.

Affected configurations

Nvd

Node

snapapp_projectsnapappRange≤1.5--wordpress

VendorProductVersionCPE
snapapp_projectsnapapp*cpe:2.3:a:snapapp_project:snapapp:*:-:*:*:-:wordpress:*:*

Vendor	Product	Version	CPE
snapapp_project	snapapp	*	cpe:2.3:a:snapapp_project:snapapp::-:::-:wordpress::*

References

codevigilant.com/disclosure/wp-plugin-wpsnapapp-a3-cross-site-scripting-xss

www.securityfocus.com/bid/68433

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

52.6%

JSON

Related for NVD:CVE-2014-4596

prion1 wpvulndb1 patchstack1 cve1 cvelist1