CVE-2014-4543

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

M

ultiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter.

References

Link	Resource
http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss	Exploit
http://www.securityfocus.com/bid/68447	Exploit
http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss	Exploit
http://www.securityfocus.com/bid/68447	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:pay_per_media_player_project:pay_per_media_player:*:-:-:*:-:wordpress:*:*

History

21 Nov 2024, 02:10

Type	Values Removed	Values Added
References	~~() http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss - Exploit~~	() http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss - Exploit
References	~~() http://www.securityfocus.com/bid/68447 - Exploit~~	() http://www.securityfocus.com/bid/68447 - Exploit

Information

Published : 2014-07-02 18:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4543

Mitre link : CVE-2014-4543

CVE.ORG link : CVE-2014-4543

JSON object : View

Products Affected

pay_per_media_player_project

pay_per_media_player

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-4543", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-02T18:55:09.080", "references": [{"url": "http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/bid/68447", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://codevigilant.com/disclosure/wp-plugin-pay-per-media-player-a3-cross-site-scripting-xss", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68447", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in payper/payper.php in the Pay Per Media Player plugin 1.24 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, or (10) size parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en payper/payper.php en el plugin Pay Per Media Player 1.24 y anteriores para WordPress permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) fcolor, (2) links, (3) stitle, (4) height, (5) width, (6) host, (7) bcolor, (8) msg, (9) id, o (10) size."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pay_per_media_player_project:pay_per_media_player:*:-:-:*:-:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "B4E5A03C-3F51-4CEA-A5D9-5FCDDF323934", "versionEndIncluding": "1.24"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}