Vulnerability Description
Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tim Rohrer | Wordpress Spreadsheet Plugin | 0.62 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-ScripExploit
- http://www.securityfocus.com/bid/69073Exploit
- http://packetstormsecurity.com/files/127770/WordPress-WPSS-0.62-Cross-Site-ScripExploit
- http://www.securityfocus.com/bid/69073Exploit
FAQ
What is CVE-2014-8364?
CVE-2014-8364 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id pa...
How severe is CVE-2014-8364?
CVE-2014-8364 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8364?
Check the references section above for vendor advisories and patch information. Affected products include: Tim Rohrer Wordpress Spreadsheet Plugin.