Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1436

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1436
Last Modified 17 Feb 2015 01:08:44
Published 16 Feb 2015 10:59:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1436

Summary

Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the (1) easingslider_manage_customizations or (2) easingslider_edit_sliders page to wp-admin/admin.php.

Vulnerable Systems

Application

  • Easing Slider 2.2.0.6


References

MISC - https://www.htbridge.com/advisory/HTB23249

CONFIRM - https://wordpress.org/plugins/easing-slider/changelog/

XF - wp-easingslider-cve20151436-xss(100861)

BID - 72572

BUGTRAQ - 20150211 Two Reflected XSS Vulnerabilities in Easing Slider WordPress Plugin

MISC - http://packetstormsecurity.com/files/130355/WordPress-Easing-Slider-2.2.0.6-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:07:50