CVE-2017-2285

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Link Resource
https://jvn.jp/en/jp/JVN31459091/index.html Third Party Advisory VDB Entry
https://plugins.trac.wordpress.org/changeset/1695440/#file6 Patch Third Party Advisory
https://wordpress.org/plugins/custom-css-js/#developers Product Third Party Advisory
https://wpvulndb.com/vulnerabilities/8879 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:silkypress:simple_custom_css_and_js:1.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:1.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.3:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.4:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.5:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.6:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.7:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.8:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.9:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:2.10:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:3.0:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:3.1:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:3.2:*:*:*:*:wordpress:*:*
cpe:2.3:a:silkypress:simple_custom_css_and_js:3.3:*:*:*:*:wordpress:*:*

History

No history.

Information

Published : 2017-08-02 16:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-2285

Mitre link : CVE-2017-2285

CVE.ORG link : CVE-2017-2285


JSON object : View

Products Affected

silkypress

  • simple_custom_css_and_js
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')