Vulnerability Details : CVE-2014-4521
Cross-site scripting (XSS) vulnerability in client-assist.php in the dsIDXpress IDX plugin before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-4521
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:*:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.30:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.29:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.28:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.27:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.26:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.13:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.12:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.11:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.10:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.38:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.37:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.36:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.35:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.21:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.20:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.19:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.18:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.5:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.4:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.3:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.39:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.34:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.32:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.25:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.23:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.16:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.14:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.9:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.7:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.0:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.33:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.31:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.24:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.22:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.17:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.15:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.8:*:*:*:*:wordpress:*:*
- cpe:2.3:a:diversesolutions:dsidxpress_idx_plugin:2.0.6:*:*:*:*:wordpress:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4521
0.16%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4521
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-4521
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4521
-
http://codevigilant.com/disclosure/wp-plugin-dsidxpress-a3-cross-site-scripting-xss
wp-plugin : dsidxpress – A3-Cross-Site Scripting (XSS) | Code VigilantExploit;Patch
-
http://wordpress.org/plugins/dsidxpress/changelog
dsIDXpress – WordPress plugin | WordPress.org
Jump to