Lucene search

[email protected]NVD:CVE-2015-3299

HistorySep 19, 2017 - 3:29 p.m.

CVE-2015-3299

2017-09-1915:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.5%

JSON

Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.

Affected configurations

Nvd

Node

floating_social_bar_projectfloating_social_barRange≤1.1.6wordpress

VendorProductVersionCPE
floating_social_bar_projectfloating_social_bar*cpe:2.3:a:floating_social_bar_project:floating_social_bar:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
floating_social_bar_project	floating_social_bar	*	cpe:2.3:a:floating_social_bar_project:floating_social_bar::::::wordpress::*

References

www.openwall.com/lists/oss-security/2015/04/13/10

www.securityfocus.com/bid/74053

plugins.trac.wordpress.org/changeset/1129648/floating-social-bar/trunk

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.5%

JSON

Related for NVD:CVE-2015-3299

cvelist1 prion1 cve1 wpexploit1 wpvulndb1