4.3
CVE-2014-3842
- EPSS 4.53%
- Veröffentlicht 22.05.2014 15:13:04
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginiMember360is 3.8.012 - 3.9.001 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.
Mögliche Gegenmaßnahme
iMember360is: Update to version 3.9.002, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Imember360 ≫ Imember360 Version3.8.012 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.013 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.8.014 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.000 SwPlatformwordpress
Imember360 ≫ Imember360 Version3.9.001 SwPlatformwordpress
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
iMember360is
Version
[3.8.012, 3.9.002)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.53% | 0.903 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
http://osvdb.org/show/osvdb/106299
http://packetstormsecurity.com/files/126324/WordPress-iMember360is-3.9.001-XSS-Disclosure-Code-Execution.html
http://seclists.org/fulldisclosure/2014/Apr/265
http://secunia.com/advisories/58094
http://www.exploit-db.com/exploits/33076
https://www.wordfence.com/threat-intel/vulnerabilities/id/87870d48-05ff-4f51-9ad9-091ce2ffaf01