Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:10
Type | Values Removed | Values Added |
---|---|---|
References | () http://codevigilant.com/disclosure/wp-plugin-verification-code-for-comments-a3-cross-site-scripting-xss - Exploit |
Information
Published : 2014-07-02 20:55
Updated : 2024-11-21 02:10
NVD link : CVE-2014-4565
Mitre link : CVE-2014-4565
CVE.ORG link : CVE-2014-4565
JSON object : View
Products Affected
verification_code_for_comments_project
- verification_code_for_comments
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')