4.3
CVE-2007-3288
- EPSS 1.79%
- Veröffentlicht 20.06.2007 21:30:00
- Zuletzt bearbeitet 16.06.2026 22:41:25
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Loginstats <= 1.0 - Stored Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field.
Mögliche Gegenmaßnahme
stats: Update to version 1.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Skeltoac ≫ Automattic Stats Version1.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
stats
Version
*-1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.79% | 0.755 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://osvdb.org/38472
http://securityreason.com/securityalert/2826
http://www.securityfocus.com/archive/1/471734/100/0/threaded
http://www.securityfocus.com/bid/24551
https://exchange.xforce.ibmcloud.com/vulnerabilities/34934
https://www.wordfence.com/threat-intel/vulnerabilities/id/3eec5823-f1ee-464c-8344-eed3ee991602