Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2018-13832
HistoryJul 16, 2018 - 8:29 p.m.

CVE-2018-13832

2018-07-1620:29:00
CWE-79
[email protected]
web.nvd.nist.gov
2

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.0%

JSON

Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text.

Affected configurations

Nvd
Node
techotronicall_in_one_faviconRange<4.6wordpress
VendorProductVersionCPE
techotronicall_in_one_favicon*cpe:2.3:a:techotronic:all_in_one_favicon:*:*:*:*:*:wordpress:*:*

Related

packetstorm 1
zdt 1
wpexploit 1
wpvulndb 1
patchstack 1
exploitdb 1
cve 1
cvelist 1
prion 1
exploitpack 1
packetstorm
packetstorm
WordPress All In One Favicon 4.6 Cross Site Scripting
2018-07-19 00:00:00
zdt
zdt
WordPress All In One Favicon 4.6 Plugin - Cross-Site Scripting Vulnerability
2018-07-19 00:00:00
wpexploit
wpexploit
All In One Favicon <= 4.6 - Multiple Stored Authenticated XSS
2018-07-10 00:00:00
wpvulndb
wpvulndb
All In One Favicon <= 4.6 - Multiple Stored Authenticated XSS
2018-07-10 00:00:00
patchstack
patchstack
WordPress All In One Favicon plugin <= 4.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities
2018-07-18 00:00:00
exploitdb
exploitdb
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
2018-07-19 00:00:00
cve
cve
CVE-2018-13832
2018-07-16 20:29:00
cvelist
cvelist
CVE-2018-13832
2018-07-16 20:00:00
prion
prion
Cross site scripting
2018-07-16 20:29:00
exploitpack
exploitpack
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
2018-07-19 00:00:00

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.0%

JSON
Related for NVD:CVE-2018-13832
packetstorm1zdt1wpexploit1wpvulndb1patchstack1exploitdb1cve1cvelist1prion1exploitpack1