Cross site scripting

2014-08-1223:55:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.5%

JSON

Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-value parameter.

CPENameOperatorVersion
compfighteq1.4

CPE	Name	Operator	Version
	compfight	eq	1.4

References

downloads.wordpress.org/plugin/compfight.1.5.zip

packetstormsecurity.com/files/127430/WordPress-Compfight-1.4-Cross-Site-Scripting.html

wordpress.org/plugins/compfight/changelog/