Lucene search

[email protected]NVD:CVE-2014-4554

HistoryJul 02, 2014 - 8:55 p.m.

CVE-2014-4554

2014-07-0220:55:06

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in templates/download.php in the SS Downloads plugin before 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title parameter.

Affected configurations

Nvd

Node

ss_downloads_projectss_downloadsRange≤1.4.4.1---wordpress

VendorProductVersionCPE
ss_downloads_projectss_downloads*cpe:2.3:a:ss_downloads_project:ss_downloads:*:-:-:*:-:wordpress:*:*

Vendor	Product	Version	CPE
ss_downloads_project	ss_downloads	*	cpe:2.3:a:ss_downloads_project:ss_downloads::-:-::-:wordpress::

References

codevigilant.com/disclosure/wp-plugin-ss-downloads-a3-cross-site-scripting-xss

wordpress.org/plugins/ss-downloads/changelog

www.securityfocus.com/bid/65141

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

57.0%

JSON

Related for NVD:CVE-2014-4554

wpvulndb1 cvelist1 patchstack1 cve1 prion1