6.1
CVE-2014-125100
- EPSS 0.53%
- Veröffentlicht 02.05.2023 02:15:27
- Zuletzt bearbeitet 21.11.2024 02:03:48
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
LoginBestWebSoft Job Board Plugin cross site scripting
Job Board by BestWebSoft <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting
A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764.
Mögliche Gegenmaßnahme
Job Board by BestWebSoft: Update to version 1.0.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Bestwebsoft ≫ Job Board Version1.0.0 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Job Board by BestWebSoft
Version
*-1.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.403 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| cna@vuldb.com | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
| cna@vuldb.com | 4 | 8 | 2.9 |
AV:N/AC:L/Au:S/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
https://github.com/wp-plugins/job-board/commit/dbb71deee071422ce3e663fbcdce3ad24886f940
https://vuldb.com/?ctiid.227764
https://vuldb.com/?id.227764
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa2bb0c0-e412-4e78-a7b5-4517f1c15481