CVE-2014-3870

Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:bib2html_project:bib2html:0.9.3:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt - Exploit () http://packetstormsecurity.com/files/126782/wpbib2html-xss.txt - Exploit
References () http://www.securityfocus.com/bid/67589 - Exploit () http://www.securityfocus.com/bid/67589 - Exploit

Information

Published : 2014-05-27 13:55

Updated : 2024-11-21 02:09


NVD link : CVE-2014-3870

Mitre link : CVE-2014-3870

CVE.ORG link : CVE-2014-3870


JSON object : View

Products Affected

bib2html_project

  • bib2html
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')