VulDBCVELIST:CVE-2014-125097CVE-2014-125097 BestWebSoft Facebook Like Button facebook-button-plugin.php fcbkbttn_settings_page cross site scripting
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
35.0%
A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.
CNA Affected
[
{
"vendor": "BestWebSoft",
"product": "Facebook Like Button",
"versions": [
{
"version": "2.0",
"status": "affected"
},
{
"version": "2.1",
"status": "affected"
},
{
"version": "2.2",
"status": "affected"
},
{
"version": "2.3",
"status": "affected"
},
{
"version": "2.4",
"status": "affected"
},
{
"version": "2.5",
"status": "affected"
},
{
"version": "2.6",
"status": "affected"
},
{
"version": "2.7",
"status": "affected"
},
{
"version": "2.8",
"status": "affected"
},
{
"version": "2.9",
"status": "affected"
},
{
"version": "2.10",
"status": "affected"
},
{
"version": "2.11",
"status": "affected"
},
{
"version": "2.12",
"status": "affected"
},
{
"version": "2.13",
"status": "affected"
},
{
"version": "2.14",
"status": "affected"
},
{
"version": "2.15",
"status": "affected"
},
{
"version": "2.16",
"status": "affected"
},
{
"version": "2.17",
"status": "affected"
},
{
"version": "2.18",
"status": "affected"
},
{
"version": "2.19",
"status": "affected"
},
{
"version": "2.20",
"status": "affected"
},
{
"version": "2.21",
"status": "affected"
},
{
"version": "2.22",
"status": "affected"
},
{
"version": "2.23",
"status": "affected"
},
{
"version": "2.24",
"status": "affected"
},
{
"version": "2.25",
"status": "affected"
},
{
"version": "2.26",
"status": "affected"
},
{
"version": "2.27",
"status": "affected"
},
{
"version": "2.28",
"status": "affected"
},
{
"version": "2.29",
"status": "affected"
},
{
"version": "2.30",
"status": "affected"
},
{
"version": "2.31",
"status": "affected"
},
{
"version": "2.32",
"status": "affected"
},
{
"version": "2.33",
"status": "affected"
}
]
}
]Related
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
3.5 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
35.0%