Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/101050 | Third Party Advisory VDB Entry |
https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html | Exploit Third Party Advisory VDB Entry |
https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-09-27T17:00:00
Updated: 2017-09-29T09:57:01
Reserved: 2017-09-20T00:00:00
Link: CVE-2017-14622
JSON object: View
NVD Information
Status : Analyzed
Published: 2017-09-28T01:29:01.653
Modified: 2017-10-10T11:37:57.177
Link: CVE-2017-14622
JSON object: View
Redhat Information
No data.
CWE