CVE-2015-1436 — MEDIUM (4.3)

Q: How severe is CVE-2015-1436?

CVE-2015-1436 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-1436?

Check the references section above for vendor advisories and patch information. Affected products include: Easing Slider Project Easing Slider.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Easing Slider Project	Easing Slider	<= 2.2.0.6

Related Weaknesses (CWE)

CWE-79

References

http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-CrosExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/534680/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/72572ExploitThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100861VDB Entry
https://wordpress.org/plugins/easing-slider/changelog/PatchRelease Notes
https://www.htbridge.com/advisory/HTB23249Exploit
http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-CrosExploitThird Party AdvisoryVDB Entry
http://www.securityfocus.com/archive/1/534680/100/0/threadedThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/72572ExploitThird Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100861VDB Entry
https://wordpress.org/plugins/easing-slider/changelog/PatchRelease Notes
https://www.htbridge.com/advisory/HTB23249Exploit

FAQ

What is CVE-2015-1436?

CVE-2015-1436 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easin...

How severe is CVE-2015-1436?

CVE-2015-1436 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-1436?

Check the references section above for vendor advisories and patch information. Affected products include: Easing Slider Project Easing Slider.