Lucene search

[email protected]CVE-2015-4337

HistoryJun 17, 2015 - 6:59 p.m.

CVE-2015-4337

2015-06-1718:59:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-4337

cross-site scripting

xss

vulnerability

xcloner

wordpress

remote authenticated users

web script

html

nvd

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xcloner_show page to wpadmin/plugins.php.

Affected configurations

NVD

Node

xclonerxclonerMatch3.1.2wordpress

CPENameOperatorVersion
xcloner:xclonerxclonereq3.1.2

CPE	Name	Operator	Version
xcloner:xcloner	xcloner	eq	3.1.2

References

packetstormsecurity.com/files/132107/WordPress-XCloner-3.1.2-XSS-Command-Execution.html

www.securityfocus.com/bid/74943

www.vapid.dhs.org/advisory.php?v=121

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for CVE-2015-4337

nvd1 prion1 cvelist1 patchstack1 packetstorm1 wpvulndb1 securityvulns1