Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1366

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1366
Last Modified 29 Jan 2015 09:59:11
Published 27 Jan 2015 03:04:22
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1366

Summary

Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.

Vulnerable Systems

Application

  • Pixabay Images Project Pixabay Images 2.3


References

MISC - https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt

CONFIRM - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php

XF - pixarbay-wordpress-authorlink-xss(100039)

BUGTRAQ - 20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

EXPLOIT-DB - 35846

FULLDISC - 20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities

MISC - http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html

OSVDB - 117144

MLIST - [oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities


Last Updated: 27 May 2016 11:07:38