CVE-2014-4565

Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter.
Configurations

Configuration 1 (hide)

cpe:2.3:a:verification_code_for_comments_project:verification_code_for_comments:*:-:-:*:-:wordpress:*:*

History

21 Nov 2024, 02:10

Type Values Removed Values Added
References () http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss - Exploit () http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss - Exploit

Information

Published : 2014-07-02 20:55

Updated : 2024-11-21 02:10


NVD link : CVE-2014-4565

Mitre link : CVE-2014-4565

CVE.ORG link : CVE-2014-4565


JSON object : View

Products Affected

verification_code_for_comments_project

  • verification_code_for_comments
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')