CVE-2017-2284

{"id": "CVE-2017-2284", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-08-02T16:29:00.520", "references": [{"url": "https://jvn.jp/en/jp/JVN92921024/index.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "vultures@jpcert.or.jp"}, {"url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3", "tags": ["Patch", "Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://wordpress.org/plugins/popup-maker/#developers", "tags": ["Product", "Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://wpvulndb.com/vulnerabilities/8878", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 1.6.5 de Popup Maker permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."}], "lastModified": "2020-03-11T22:13:36.620", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "90C161EC-2573-42D2-87D9-34B3D6B8DC9C"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D9B91723-3887-4F17-9C22-F75D9190EE56"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F1AC248E-BF46-422F-84F9-EDC409CA22F3"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6C0338C3-969D-49CC-8883-A6FC1F85EA96"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "54C7BF56-F9C6-4858-9084-20BC7695BD6D"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "36323BBF-DF81-47D3-B126-6673A3BF8F35"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4B6B06C5-EBE8-4BD5-AB71-1212847F2D42"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2B9A7EA4-3EAC-40C3-945B-96B26462B163"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9D48C71B-3971-4AD2-897F-ED9BCF478451"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D789C13D-7C6D-4F5B-A212-B836E08E213A"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CFE80F18-726C-4BDE-838C-B44479DF6165"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "440D38B5-4C30-4960-8DF7-1234AB843972"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4EB472CF-32C4-4BB0-AF92-8B015A40BE59"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "59839A5E-3462-4084-AC68-E9BB758D29AF"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "37360399-BB08-4CCD-BF97-9C244B8538AB"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "34C82A10-464A-4CDC-8947-7B1494F0EB2C"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "70B17631-F056-4E9B-BFF8-73BCE1116815"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "76350181-42BA-49C3-A25D-9B9FCB4E526B"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8E3085B2-66B0-4006-AA8E-9EF4CAB97FDB"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "102F9DD7-E0B5-4918-895E-DEFCAAC8FC52"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "39D04E83-EF5C-4981-BB0E-6F929AF1C25C"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C759FBB3-A063-4CCC-B3A5-F6DC8D6B8A6F"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "283F2952-A467-4E2C-9E01-7E48234A3B2E"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AB0D76F5-C2EB-4C6D-A187-DF3363EC19A6"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "70B45C8A-79DA-4AEE-BCC1-C06C77FEE40C"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8FCC14C3-C650-44AF-8292-5497B508556A"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "007D28DF-7E53-486F-B9AB-1BCD54020AD5"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5B735B73-E003-4848-A7F3-EBA9D19039EA"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8868752E-BB92-43F4-8D1C-769D512DA13E"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "334E63C2-E717-4C11-958D-B48EE3440B12"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "82588758-797D-489D-A19F-0E0D7CC807E5"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8588997E-AA8B-440F-9F1B-713FFB097234"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FA9E5F61-97EB-470B-BA39-50ED30FDA492"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "3C2511EE-E091-41C4-BF06-DFBC27B3E3B9"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BFB9A292-0E2D-4378-9039-ED45DABE726C"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CEDE2DC6-0A58-47C2-944F-8010524B2821"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5827184B-ACEC-452A-8190-64A32F76E902"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6E5B070F-A8E3-4320-832E-1FE9577E7B1A"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8142F60E-FDBF-4DE1-89C9-5925290E9E92"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FEE8319A-33A8-486C-92A5-4941681B8B3E"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "10A5384C-C79D-429A-9094-538BE9C70C9E"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.11:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "39F86BCA-C2F6-4664-B36E-43FF3F9D13C1"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.12:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0C583011-48FD-4EC3-9C58-28EF3E5C9D1A"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.13:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DD0B7B26-72EA-4712-B783-3989FDB05194"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.14:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "6A1CC3A8-EBAA-4FA2-B0B9-4B05C9742CEE"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.15:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FE801999-733C-4C82-9114-B2228AADE290"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.16:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "7A33CEB9-8CE3-4F1A-A1C8-2176F65DA787"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.17:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AF294B42-DF3C-4ACB-B439-CE41581FB685"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.18:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D18DDBCA-4F33-4CD0-BE52-1B6F87D273E6"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.19:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "65B14941-933B-4ECF-95CA-16F208EB2FCF"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.20:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "38951BCB-E275-4952-850A-F007CB06B5ED"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.21:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "862E52EA-4F2E-42F5-8099-DAC7F3025923"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "5AD0FA3F-03CC-470D-A0A5-857CA7A46D73"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0CC71336-9C78-4228-9393-F9139ED44979"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FF5128CC-6B8B-4CC6-9D08-2188D93ABD83"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "30B1DDBC-10D1-4718-B07E-946D72F1B581"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9E0DC38E-A42A-4008-9E67-0487F0849CED"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9B9657B9-C347-4DF9-A306-C281396FB81D"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "E0E732F1-84C1-44A6-B1B3-BCA25B8272C8"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A78EFBC6-C767-466E-8A7A-68A7606227C2"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "C218BC8D-9798-4EEC-8B64-EE96888FA338"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.0:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4177F386-AFB2-421B-8444-89D16B6C78C8"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CF7C5849-3102-4D27-BBB8-A6E31230150F"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "30BCFF57-5F8E-478B-A484-9C771BA33E83"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D00FE9DD-4EF5-4CAF-88B1-0C260610063A"}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FAB6541B-F121-4668-A2CA-EE6120014633"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}