CVE-2015-7667

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: Resads
Vendor: CVE Published:; 27 December 2017

Summary

Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter.

References

https://wpvulndb.com/vulnerabilities/8204

x_refsource_MISC

https://wordpress.org/plugins/resads/#developers

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/536601/100/0/threaded

mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 27, 2017
Vulnerability Reserved
Oct 1, 2015

.