Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2040

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2014-2040
Last Modified 07 Mar 2014 03:32:07
Published 03 Mar 2014 01:55:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2014-2040

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.

Vulnerable Systems

Application

  • Jordy Meow Media File Renamer 1.7.0


References

MISC - http://www.vapid.dhs.org/advisories/wordpress/plugins/MediaFileRenamer-1.7.0/index.html

BID - 65715

BUGTRAQ - 20140226 Persistent XSS in Media File Renamer V1.7.0 wordpress plugin


Last Updated: 27 May 2016 11:04:32