Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8724

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-8724
Last Modified 19 Dec 2014 02:33:53
Published 19 Dec 2014 10:59:11
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8724

Summary

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI.

Vulnerable Systems

Application

  • W3edge Total Cache 0.9.4


References

MISC - https://www.secuvera.de/advisories/secuvera-SA-2014-01.txt

CONFIRM - https://wordpress.org/plugins/w3-total-cache/changelog/

BUGTRAQ - 20141217 secuvera-SA-2014-01: Reflected XSS in W3 Total Cache

MISC - http://packetstormsecurity.com/files/129626/W3-Total-Cache-0.9.4-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:07:20