CVE-2014-8724

Sažetak

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.

Reference

http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html
https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt
https://wordpress.org/plugins/w3-total-cache/changelog/
http://www.securityfocus.com/archive/1/534266/100/0/threaded

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

26-05-2023 - 17:46

Objavljeno

19-12-2014 - 15:59