CVE-2017-2171

EPSS 0.23%
Veröffentlicht 22.05.2017 16:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle vultures@jpcert.or.jp
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7. PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Bestwebsoft ≫ Captcha SwPlatformwordpress Version <= 4.2.9

Bestwebsoft ≫ Car Rental SwPlatformwordpress Version <= 1.0.4

Bestwebsoft ≫ Contact Form SwPlatformwordpress Version <= 4.0.5

Bestwebsoft ≫ Contact Form Multi SwPlatformwordpress Version <= 1.2.0

Bestwebsoft ≫ Contact Form To Db SwPlatformwordpress Version <= 1.5.6

Bestwebsoft ≫ Custom Admin Page SwPlatformwordpress Version <= 0.1.1

Bestwebsoft ≫ Custom Fields Search SwPlatformwordpress Version <= 1.3.1

Bestwebsoft ≫ Custom Search SwPlatformwordpress Version <= 1.35

Bestwebsoft ≫ Donate SwPlatformwordpress Version <= 2.1.0

Bestwebsoft ≫ Email Queue SwPlatformwordpress Version <= 1.1.1

Bestwebsoft ≫ Error Log Viewer SwPlatformwordpress Version <= 1.0.5

Bestwebsoft ≫ Facebook Button SwPlatformwordpress Version <= 2.53

Bestwebsoft ≫ Featured Posts SwPlatformwordpress Version <= 1.0.0

Bestwebsoft ≫ Gallery SwPlatformwordpress Version <= 4.4.9

Bestwebsoft ≫ Gallery Categories SwPlatformwordpress Version <= 1.0.8

Bestwebsoft ≫ Google Adsense SwPlatformwordpress Version <= 1.43

Bestwebsoft ≫ Google Analytics SwPlatformwordpress Version <= 1.7.0

Bestwebsoft ≫ Google Maps SwPlatformwordpress Version <= 1.3.5

Bestwebsoft ≫ Google Shortlink SwPlatformwordpress Version <= 1.5.2

Bestwebsoft ≫ Google Sitemap SwPlatformwordpress Version <= 3.0.7

Bestwebsoft ≫ Htaccess SwPlatformwordpress Version <= 1.7.5

Bestwebsoft ≫ Job Board SwPlatformwordpress Version <= 1.1.2

Bestwebsoft ≫ Latest Posts SwPlatformwordpress Version <= 0.2

Bestwebsoft ≫ Limit Attempts SwPlatformwordpress Version <= 1.1.7

Bestwebsoft ≫ Linkedin SwPlatformwordpress Version <= 1.0.4

Bestwebsoft ≫ Multilanguage SwPlatformwordpress Version <= 1.2.1

Bestwebsoft ≫ Pagination SwPlatformwordpress Version <= 1.0.6

Bestwebsoft ≫ Pinterest SwPlatformwordpress Version <= 1.0.4

Bestwebsoft ≫ Popular Posts SwPlatformwordpress Version <= 1.0.4

Bestwebsoft ≫ Portfolio SwPlatformwordpress Version <= 2.3

Bestwebsoft ≫ Post To Csv SwPlatformwordpress Version <= 1.3.0

Bestwebsoft ≫ Profile Extra SwPlatformwordpress Version <= 1.0.6

Bestwebsoft ≫ Promobar SwPlatformwordpress Version <= 1.1.0

Bestwebsoft ≫ Quotes And Tips SwPlatformwordpress Version <= 1.31

Bestwebsoft ≫ Re-attacher SwPlatformwordpress Version <= 1.0.8

Bestwebsoft ≫ Realty SwPlatformwordpress Version <= 1.0.9

Bestwebsoft ≫ Relevant - Related Posts SwPlatformwordpress Version <= 1.1.9

Bestwebsoft ≫ Sender SwPlatformwordpress Version <= 1.2.0

Bestwebsoft ≫ Smtp SwPlatformwordpress Version <= 1.0.9

Bestwebsoft ≫ Social Buttons Pack SwPlatformwordpress Version <= 1.1.0

Bestwebsoft ≫ Subscriber SwPlatformwordpress Version <= 1.3.4

Bestwebsoft ≫ Testimonials SwPlatformwordpress Version <= 0.1.8

Bestwebsoft ≫ Timesheet SwPlatformwordpress Version <= 0.1.4

Bestwebsoft ≫ Twitter Button SwPlatformwordpress Version <= 2.54

Bestwebsoft ≫ Updater SwPlatformwordpress Version <= 1.34

Bestwebsoft ≫ User Role SwPlatformwordpress Version <= 1.5.5

Bestwebsoft ≫ Visitors Online SwPlatformwordpress Version <= 0.9

Bestwebsoft ≫ Zendesk Help Center SwPlatformwordpress Version <= 1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.431

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CWE-91 XML Injection (aka Blind XPath Injection)

The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094

Third Party Advisory

VDB Entry

https://jvn.jp/en/jp/JVN24834813/index.html

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-2171

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-2171

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-2171

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-2171