6.1
CVE-2014-125035
- EPSS 0.58%
- Veröffentlicht 02.01.2023 16:15:10
- Zuletzt bearbeitet 21.11.2024 02:03:38
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginJobs-Plugin cross site scripting
A vulnerability classified as problematic was found in Jobs-Plugin. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier of the patch is b8a56718b1d42834c6ec51d9c489c5dc20471d7b. It is recommended to apply a patch to fix this issue. The identifier VDB-217189 was assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Jobs-plugin Project ≫ Jobs-plugin Version < 2014-12-01
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.58% | 0.43 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/mrbobbybryant/Jobs-Plugin/commit/b8a56718b1d42834c6ec51d9c489c5dc20471d7b
https://github.com/mrbobbybryant/Jobs-Plugin/pull/2
https://vuldb.com/?ctiid.217189
https://vuldb.com/?id.217189