CVE-2014-6445

{"id": "CVE-2014-6445", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-26T21:55:07.050", "references": [{"url": "http://research.g0blin.co.uk/cve-2014-6445/", "source": "cve@mitre.org"}, {"url": "https://wordpress.org/plugins/contact-form-7-integrations/changelog/", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in includes/toAdmin.php in Contact Form 7 Integrations plugin 1.0 through 1.3.10 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) uE or (2) uC parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en includes/toAdmin.php en el plugin Contact Form 7 Integrations 1.0 hasta 1.3.10 para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) uE o (2) uC."}], "lastModified": "2014-09-30T15:06:45.900", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "8D4B4ECC-1A03-40DB-8923-E2AFFC4A90D2"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "CFC16D64-ADEB-47CA-89EE-3DF1B6865ABF"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.2:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0F28C305-7215-4797-9648-8144DE148271"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.3:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "62DB679F-8FE6-4808-AD70-54919C9CFA31"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.4:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "DA25E8A0-6039-4C6F-A57E-985462156714"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.5:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B92BA806-A347-4405-BC26-7613ACB51B39"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.6:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "9FEA6ED6-0F6A-4FE7-8B01-D47FEE0AC75E"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.7:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "F0575D3F-5E73-48A8-A190-2187A862EC30"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.8:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "BF5C3CC5-D4C0-4DB9-972F-324BA188E93B"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.9:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "D8AD1117-5DA4-4190-9B1A-981702607892"}, {"criteria": "cpe:2.3:a:contactus:contact_form_7_integrations:1.3.10:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "72EEA488-10F5-43F1-AC8E-FDC79F406E38"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}