CVE-2014-4536

{"id": "CVE-2014-4536", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-12-27T20:15:11.487", "references": [{"url": "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://wordpress.org/plugins/infusionsoft/changelog", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "http://codevigilant.com/disclosure/wp-plugin-infusionsoft-a3-cross-site-scripting-xss", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://wordpress.org/plugins/infusionsoft/changelog", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo tests/notAuto_test_ContactService_pauseCampaign.php en el plugin Infusionsoft Gravity Forms versiones anteriores a la versi\u00f3n 1.5.6 para WordPress, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) go, (2) contactId, o (3) campaignId."}], "lastModified": "2024-11-21T02:10:23.613", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E7DEFEDE-110A-4BA8-8F18-6E968DB205AC", "versionEndIncluding": "1.5.6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}