Lucene search

[email protected]NVD:CVE-2014-8809

HistoryDec 24, 2014 - 6:59 p.m.

CVE-2014-8809

2014-12-2418:59:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the WP Symposium plugin before 14.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter in an addComment action to ajax/profile_functions.php, (2) compose_text parameter in a sendMail action to ajax/mail_functions.php, (3) comment parameter in an add_comment action to ajax/lounge_functions.php, or (4) name parameter in a create_album action to ajax/gallery_functions.php.

Affected configurations

Nvd

Node

wpsymposiumprowp_symposiumRange≤14.10wordpress

VendorProductVersionCPE
wpsymposiumprowp_symposium*cpe:2.3:a:wpsymposiumpro:wp_symposium:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
wpsymposiumpro	wp_symposium	*	cpe:2.3:a:wpsymposiumpro:wp_symposium::::::wordpress::*

References

security.szurek.pl/wp-symposium-1410-multiple-xss-and-sql-injection.html

www.wpsymposium.com/release-information-for-v14-11/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

55.3%

JSON

Related for NVD:CVE-2014-8809

cvelist1 cve1 prion1 patchstack1 wpvulndb1