Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1384

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1384
Last Modified 04 Feb 2015 11:56:44
Published 03 Feb 2015 11:59:14
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1384

Summary

Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid parameter in the BannerEffectOptions page to wp-admin/options-general.php.

Vulnerable Systems

Application

  • Banner Effect Header Project Banner Effect Header 1.2.7


References

MISC - https://www.netsparker.com/cve-2015-1384-xss-vulnerability-in-banner-effect-header/

CONFIRM - https://wordpress.org/plugins/banner-effect-header/changelog/

BUGTRAQ - 20150131 Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384

FULLDISC - 20150201 Banner Effect Header Security Advisory - XSS Vulnerability - CVE-2015-1384


Last Updated: 27 May 2016 11:07:42