{"containers": {"cna": {"affected": [{"product": "Popup Maker", "vendor": "Popup Maker", "versions": [{"status": "affected", "version": "prior to version 1.6.5"}]}], "datePublic": "2017-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-11T08:06:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3"}, {"name": "JVN#92921024", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN92921024/index.html"}, {"tags": ["x_refsource_MISC"], "url": "https://wordpress.org/plugins/popup-maker/#developers"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/8878"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2284", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Popup Maker", "version": {"version_data": [{"version_value": "prior to version 1.6.5"}]}}]}, "vendor_name": "Popup Maker"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site scripting"}]}]}, "references": {"reference_data": [{"name": "https://plugins.trac.wordpress.org/changeset/1697216/#file3", "refsource": "MISC", "url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3"}, {"name": "JVN#92921024", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN92921024/index.html"}, {"name": "https://wordpress.org/plugins/popup-maker/#developers", "refsource": "MISC", "url": "https://wordpress.org/plugins/popup-maker/#developers"}, {"name": "https://wpvulndb.com/vulnerabilities/8878", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/8878"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2284", "datePublished": "2017-08-02T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2020-03-11T08:06:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "90C161EC-2573-42D2-87D9-34B3D6B8DC9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D9B91723-3887-4F17-9C22-F75D9190EE56", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F1AC248E-BF46-422F-84F9-EDC409CA22F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6C0338C3-969D-49CC-8883-A6FC1F85EA96", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "54C7BF56-F9C6-4858-9084-20BC7695BD6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "36323BBF-DF81-47D3-B126-6673A3BF8F35", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4B6B06C5-EBE8-4BD5-AB71-1212847F2D42", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2B9A7EA4-3EAC-40C3-945B-96B26462B163", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9D48C71B-3971-4AD2-897F-ED9BCF478451", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D789C13D-7C6D-4F5B-A212-B836E08E213A", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CFE80F18-726C-4BDE-838C-B44479DF6165", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "440D38B5-4C30-4960-8DF7-1234AB843972", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4EB472CF-32C4-4BB0-AF92-8B015A40BE59", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "59839A5E-3462-4084-AC68-E9BB758D29AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "37360399-BB08-4CCD-BF97-9C244B8538AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "34C82A10-464A-4CDC-8947-7B1494F0EB2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70B17631-F056-4E9B-BFF8-73BCE1116815", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "76350181-42BA-49C3-A25D-9B9FCB4E526B", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8E3085B2-66B0-4006-AA8E-9EF4CAB97FDB", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "102F9DD7-E0B5-4918-895E-DEFCAAC8FC52", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39D04E83-EF5C-4981-BB0E-6F929AF1C25C", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C759FBB3-A063-4CCC-B3A5-F6DC8D6B8A6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "283F2952-A467-4E2C-9E01-7E48234A3B2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AB0D76F5-C2EB-4C6D-A187-DF3363EC19A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70B45C8A-79DA-4AEE-BCC1-C06C77FEE40C", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8FCC14C3-C650-44AF-8292-5497B508556A", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "007D28DF-7E53-486F-B9AB-1BCD54020AD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5B735B73-E003-4848-A7F3-EBA9D19039EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8868752E-BB92-43F4-8D1C-769D512DA13E", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "334E63C2-E717-4C11-958D-B48EE3440B12", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "82588758-797D-489D-A19F-0E0D7CC807E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8588997E-AA8B-440F-9F1B-713FFB097234", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FA9E5F61-97EB-470B-BA39-50ED30FDA492", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3C2511EE-E091-41C4-BF06-DFBC27B3E3B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BFB9A292-0E2D-4378-9039-ED45DABE726C", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CEDE2DC6-0A58-47C2-944F-8010524B2821", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5827184B-ACEC-452A-8190-64A32F76E902", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6E5B070F-A8E3-4320-832E-1FE9577E7B1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8142F60E-FDBF-4DE1-89C9-5925290E9E92", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FEE8319A-33A8-486C-92A5-4941681B8B3E", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "10A5384C-C79D-429A-9094-538BE9C70C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39F86BCA-C2F6-4664-B36E-43FF3F9D13C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0C583011-48FD-4EC3-9C58-28EF3E5C9D1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DD0B7B26-72EA-4712-B783-3989FDB05194", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A1CC3A8-EBAA-4FA2-B0B9-4B05C9742CEE", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE801999-733C-4C82-9114-B2228AADE290", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7A33CEB9-8CE3-4F1A-A1C8-2176F65DA787", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AF294B42-DF3C-4ACB-B439-CE41581FB685", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D18DDBCA-4F33-4CD0-BE52-1B6F87D273E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "65B14941-933B-4ECF-95CA-16F208EB2FCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.20:*:*:*:*:wordpress:*:*", "matchCriteriaId": "38951BCB-E275-4952-850A-F007CB06B5ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.21:*:*:*:*:wordpress:*:*", "matchCriteriaId": "862E52EA-4F2E-42F5-8099-DAC7F3025923", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5AD0FA3F-03CC-470D-A0A5-857CA7A46D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0CC71336-9C78-4228-9393-F9139ED44979", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FF5128CC-6B8B-4CC6-9D08-2188D93ABD83", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30B1DDBC-10D1-4718-B07E-946D72F1B581", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9E0DC38E-A42A-4008-9E67-0487F0849CED", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B9657B9-C347-4DF9-A306-C281396FB81D", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E0E732F1-84C1-44A6-B1B3-BCA25B8272C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A78EFBC6-C767-466E-8A7A-68A7606227C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C218BC8D-9798-4EEC-8B64-EE96888FA338", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4177F386-AFB2-421B-8444-89D16B6C78C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CF7C5849-3102-4D27-BBB8-A6E31230150F", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30BCFF57-5F8E-478B-A484-9C771BA33E83", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D00FE9DD-4EF5-4CAF-88B1-0C260610063A", "vulnerable": true}, {"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FAB6541B-F121-4668-A2CA-EE6120014633", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 1.6.5 de Popup Maker permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."}], "id": "CVE-2017-2284", "lastModified": "2020-03-11T22:13:36.620", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-02T16:29:00.520", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN92921024/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Patch", "Third Party Advisory"], "url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3"}, {"source": "vultures@jpcert.or.jp", "tags": ["Product", "Third Party Advisory"], "url": "https://wordpress.org/plugins/popup-maker/#developers"}, {"source": "vultures@jpcert.or.jp", "url": "https://wpvulndb.com/vulnerabilities/8878"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}