Lucene search
HistoryJul 10, 2014 - 4:55 p.m.
CVE-2014-4855
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
50.2%
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
polylang_plugin_projectpolylangRange≤1.5.1wordpress
ORpolylang_plugin_projectpolylangMatch1.5wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| polylang_plugin_project | polylang | * | cpe:2.3:a:polylang_plugin_project:polylang:*:*:*:*:*:wordpress:*:* |
| polylang_plugin_project | polylang | 1.5 | cpe:2.3:a:polylang_plugin_project:polylang:1.5:*:*:*:*:wordpress:*:* |
Related
prion
prion
Cross site scripting
2014-07-10 16:55:00
patchstack
patchstack
WordPress Polylang Plugin <= 1.5.1 - XSS
2014-07-10 00:00:00
wpvulndb
wpvulndb
Polylang 1.5.1 - User Description H&ling Stored XSS
2014-08-01 10:59:16
cvelist
cvelist
CVE-2014-4855
2014-07-10 16:00:00
cve
cve
CVE-2014-4855
2014-07-10 16:55:06
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.001
Percentile
50.2%
Related for NVD:CVE-2014-4855