Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-100007

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-100007
Last Modified 13 Jan 2015 04:51:59
Published 13 Jan 2015 06:59:06
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-100007

Summary

Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Hk Exif Tags Project Hk Exif Tags 1.11


References

CONFIRM - https://wordpress.org/plugins/hk-exif-tags/changelog/

XF - hkexif-wordpress-xss(92555)

SECUNIA - 57753


Last Updated: 27 May 2016 11:07:30