Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-100026

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-100026
Last Modified 14 Jan 2015 02:55:30
Published 13 Jan 2015 10:59:27
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-100026

Summary

Cross-site scripting (XSS) vulnerability in readme.php in the April's Super Functions Pack plugin before 1.4.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • April%27s Super Functions Pack Project April%27s Super Functions Pack 1.4.7


References

CONFIRM - https://wordpress.org/plugins/aprils-super-functions-pack/changelog/

XF - aprilsuperfunctions-readme-xss(90172)

BID - 64699

SECUNIA - 55576

OSVDB - 101807


Last Updated: 27 May 2016 11:07:32