Lucene search
HistoryDec 19, 2014 - 3:59 p.m.
CVE-2014-8724
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
64.9%
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the “Cache key” in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.
Affected configurations
Node
boldgridw3_total_cacheRange≤0.9.4wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| boldgrid | w3_total_cache | * | cpe:2.3:a:boldgrid:w3_total_cache:*:*:*:*:*:wordpress:*:* |
Related
wpvulndb
wpvulndb
W3 Total Cache <= 0.9.4 - Debug Mode XSS
2014-12-12 09:20:23
securityvulns
securityvulns
secuvera-SA-2014-01: Reflected XSS in W3 Total Cache
2014-12-22 00:00:00
packetstorm
packetstorm
W3 Total Cache 0.9.4 Cross Site Scripting
2014-12-17 00:00:00
cvelist
cvelist
CVE-2014-8724
2014-12-19 15:00:00
cve
cve
CVE-2014-8724
2014-12-19 15:59:11
nessus
nessus
W3 Total Cache Plugin For WordPress Cache Key XSS
2015-01-15 00:00:00
openvas
openvas
WordPress W3 Total Cache < 0.9.4.1 XSS Vulnerability - Active Check
2014-12-23 00:00:00
patchstack
patchstack
WordPress W3 Total Cache Plugin <= 0.9.4 - XSS
2014-11-10 00:00:00
prion
prion
Cross site scripting
2014-12-19 15:59:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.002
Percentile
64.9%
Related for NVD:CVE-2014-8724