Lucene search
SecuBeastTeamWPVDB-ID:478B13A3-DEE7-4110-8D3A-1BF50C7CDB41HistoryNov 26, 2014 - 11:44 a.m.
Google Analytics by Yoast <= 5.1.2 Cross-Site Scripting (XSS)
2014-11-2611:44:53
SecuBeastTeam
wpscan.com
9
0.003 Low
EPSS
Percentile
65.6%
The value of the input field “manual_ua_code_field” (Analytics > Settings) is saved without any validation. Malicious JavaScript code can be injected. Screenshots: http://imgur.com/4TA6sSe,DFUlAy5#1 http://imgur.com/4TA6sSe,DFUlAy5#0
| CPE | Name | Operator | Version |
|---|---|---|---|
| google-analytics-for-wordpress | lt | 5.1.3 |
Related
cvelist
cvelist
CVE-2014-9174
2014-12-02 16:00:00
prion
prion
Cross site scripting
2014-12-02 16:59:00
kitploit
kitploit
Plecost v1.1.1 - Wordpress Finger Printer Tool
2017-08-18 14:12:00
cve
cve
CVE-2014-9174
2014-12-02 16:59:10
patchstack
patchstack
WordPress Google Analytics Plugin <= 5.1.2 - XSS
2014-12-02 00:00:00
nvd
nvd
CVE-2014-9174
2014-12-02 16:59:10