Lucene search

[email protected]CVE-2014-6444

HistoryJan 08, 2016 - 9:59 p.m.

CVE-2014-6444

2016-01-0821:59:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2014

6444

titan framework

xss

vulnerabilities

wordpress

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php.

Affected configurations

NVD

Node

titan_framework_projecttitan_frameworkRange≤1.5wordpress

CPENameOperatorVersion
titan_framework_project:titan_frameworktitan framework project titan frameworkle1.5

CPE	Name	Operator	Version
titan_framework_project:titan_framework	titan framework project titan framework	le	1.5

References

research.g0blin.co.uk/cve-2014-6444/

wpvulndb.com/vulnerabilities/8233

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for CVE-2014-6444

nvd1 prion1 patchstack1 cvelist1 openvas1 wpvulndb1