Lucene search
HistoryMay 27, 2015 - 6:59 p.m.
CVE-2015-4063
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
Affected configurations
Node
newstatpress_projectnewstatpressRange≤0.9.8wordpress
Related
cvelist
cvelist
CVE-2015-4063
2015-05-27 18:00:00
nuclei
nuclei
NewStatPress <0.9.9 - Cross-Site Scripting
2023-03-05 13:42:10
prion
prion
Cross site scripting
2015-05-27 18:59:00
cve
cve
CVE-2015-4063
2015-05-27 18:59:04
zdt
zdt
packetstorm
packetstorm
WordPress NewStatPress 0.9.8 Cross Site Scripting / SQL Injection
2015-05-25 00:00:00
exploitpack
exploitpack
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
2015-05-26 00:00:00
wpvulndb
wpvulndb
NewStatPress 0.9.8 - XSS & SQL Injection
2015-05-25 00:00:00
seebug
seebug
WordPress NewStatPress Plugin 0.9.8 xss+sql注入
2015-08-31 00:00:00
exploitdb
exploitdb
WordPress Plugin NewStatPress 0.9.8 - Multiple Vulnerabilities
2015-05-26 00:00:00
3.5 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.04 Low
EPSS
Percentile
92.1%
Related for NVD:CVE-2015-4063