Lucene search

[email protected]NVD:CVE-2014-9570

HistoryJan 15, 2015 - 3:59 p.m.

CVE-2014-9570

2015-01-1515:59:20

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the MyWebsiteAdvisor Simple Security plugin 1.1.5 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) datefilter parameter in the access_log page to wp-admin/users.php or (2) simple_security_ip_blacklist[] parameter in an add_blacklist_ip action in the ip_blacklist page to wp-admin/users.php.

Affected configurations

Nvd

Node

mywebsiteadvisorsimple_securityMatch1.1.5wordpress

VendorProductVersionCPE
mywebsiteadvisorsimple_security1.1.5cpe:2.3:a:mywebsiteadvisor:simple_security:1.1.5:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
mywebsiteadvisor	simple_security	1.1.5	cpe:2.3:a:mywebsiteadvisor:simple_security:1.1.5:::::wordpress::

References

www.securityfocus.com/archive/1/534477/100/0/threaded

www.htbridge.com/advisory/HTB23244

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

52.0%

JSON

Related for NVD:CVE-2014-9570

securityvulns2 htbridge1 patchstack1 zdt1 packetstorm1 prion1 wpvulndb1 cve1 cvelist1