Lucene search

K

[email protected]NVD:CVE-2014-6315

HistoryOct 10, 2014 - 2:55 p.m.

CVE-2014-6315

2014-10-1014:55:08

CWE-79

[email protected]

web.nvd.nist.gov

1

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.9%

Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) callback, (2) dir, or (3) extensions parameter in an addImages action to wp-admin/admin-ajax.php.

Affected configurations

NVD

Node

photo_gallery_plugin_projectphoto_gallery_pluginMatch1.1.30wordpress

References

packetstormsecurity.com/files/128518/WordPress-Photo-Gallery-1.1.30-Cross-Site-Scripting.html

secunia.com/advisories/61649

www.securityfocus.com/archive/1/533595/100/0/threaded

www.securityfocus.com/bid/70204

exchange.xforce.ibmcloud.com/vulnerabilities/96799

plugins.trac.wordpress.org/changeset?new=986500

www.htbridge.com/advisory/HTB23232

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.9%

Related for NVD:CVE-2014-6315

zdt1 htbridge1 packetstorm1 cve1 wpvulndb1 patchstack1 prion1 cvelist1 securityvulns2