Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) name, (3) address, or (4) comment parameter to forms.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Goywp | Webpress | 13.00.06 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129443/goYWP-WebPress-13.00.06-Cross-Site-S
- http://seclists.org/fulldisclosure/2014/Dec/34
- http://packetstormsecurity.com/files/129443/goYWP-WebPress-13.00.06-Cross-Site-S
- http://seclists.org/fulldisclosure/2014/Dec/34
FAQ
What is CVE-2014-8751?
CVE-2014-8751 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) nam...
How severe is CVE-2014-8751?
CVE-2014-8751 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8751?
Check the references section above for vendor advisories and patch information. Affected products include: Goywp Webpress.