CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior to version 1.3.2, Custom Search prior to version 1.36, Donate prior to version 2.1.1, Email Queue prior to version 1.1.2, Error Log Viewer prior to version 1.0.6, Facebook Button prior to version 2.54, Featured Posts prior to version 1.0.1, Gallery Categories prior to version 1.0.9, Gallery prior to version 4.5.0, Google +1 prior to version 1.3.4, Google AdSense prior to version 1.44, Google Analytics prior to version 1.7.1, Google Captcha (reCAPTCHA) prior to version 1.28, Google Maps prior to version 1.3.6, Google Shortlink prior to version 1.5.3, Google Sitemap prior to version 3.0.8, Htaccess prior to version 1.7.6, Job Board prior to version 1.1.3, Latest Posts prior to version 0.3, Limit Attempts prior to version 1.1.8, LinkedIn prior to version 1.0.5, Multilanguage prior to version 1.2.2, PDF & Print prior to version 1.9.4, Pagination prior to version 1.0.7, Pinterest prior to version 1.0.5, Popular Posts prior to version 1.0.5, Portfolio prior to version 2.4, Post to CSV prior to version 1.3.1, Profile Extra prior to version 1.0.7, PromoBar prior to version 1.1.1, Quotes and Tips prior to version 1.32, Re-attacher prior to version 1.0.9, Realty prior to version 1.1.0, Relevant - Related Posts prior to version 1.2.0, Sender prior to version 1.2.1, SMTP prior to version 1.1.0, Social Buttons Pack prior to version 1.1.1, Subscriber prior to version 1.3.5, Testimonials prior to version 0.1.9, Timesheet prior to version 0.1.5, Twitter Button prior to version 2.55, User Role prior to version 1.5.6, Updater prior to version 1.35, Visitors Online prior to version 1.0.0, and Zendesk Help Center prior to version 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the function to display the BestWebSoft menu.
Publish Date : 2017-05-22 Last Update Date : 2017-06-09

- CVSS Scores & Vulnerability Types

CVSS Score 4.3
Confidentiality Impact None (There is no impact to the confidentiality of the system.)
Integrity Impact Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact None (There is no impact to the availability of the system.)
Access Complexity Medium (The access conditions are somewhat specialized. Some preconditions must be satisfied to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Cross Site Scripting
CWE ID 79

- Products Affected By CVE-2017-2171

# Product Type Vendor Product Version Update Edition Language
1 Application Bestwebsoft Captcha 4.2.9 ~~~wordpress~~
2 Application Bestwebsoft Car Rental 1.0.4 ~~~wordpress~~
3 Application Bestwebsoft Contact Form 4.0.5 ~~~wordpress~~
4 Application Bestwebsoft Contact Form Multi 1.2.0 ~~~wordpress~~
5 Application Bestwebsoft Contact Form To Db 1.5.6 ~~~wordpress~~
6 Application Bestwebsoft Custom Admin Page 0.1.1 ~~~wordpress~~
7 Application Bestwebsoft Custom Fields Search 1.3.1 ~~~wordpress~~
8 Application Bestwebsoft Custom Search 1.35 ~~~wordpress~~
9 Application Bestwebsoft Donate 2.1.0 ~~~wordpress~~
10 Application Bestwebsoft Email Queue 1.1.1 ~~~wordpress~~
11 Application Bestwebsoft Error Log Viewer 1.0.5 ~~~wordpress~~
12 Application Bestwebsoft Facebook Button 2.53 ~~~wordpress~~
13 Application Bestwebsoft Featured Posts 1.0.0 ~~~wordpress~~
14 Application Bestwebsoft Gallery 4.4.9 ~~~wordpress~~
15 Application Bestwebsoft Gallery Categories 1.0.8 ~~~wordpress~~
16 Application Bestwebsoft Google +1 1.3.3 ~~~wordpress~~
17 Application Bestwebsoft Google Adsense 1.43 ~~~wordpress~~
18 Application Bestwebsoft Google Analytics 1.7.0 ~~~wordpress~~
19 Application Bestwebsoft Google Captcha (recaptcha) 1.27 ~~~wordpress~~
20 Application Bestwebsoft Google Maps 1.3.5 ~~~wordpress~~
21 Application Bestwebsoft Google Shortlink 1.5.2 ~~~wordpress~~
22 Application Bestwebsoft Google Sitemap 3.0.7 ~~~wordpress~~
23 Application Bestwebsoft Htaccess 1.7.5 ~~~wordpress~~
24 Application Bestwebsoft Job Board 1.1.2 ~~~wordpress~~
25 Application Bestwebsoft Latest Posts 0.2 ~~~wordpress~~
26 Application Bestwebsoft Limit Attempts 1.1.7 ~~~wordpress~~
27 Application Bestwebsoft Linkedin 1.0.4 ~~~wordpress~~
28 Application Bestwebsoft Multilanguage 1.2.1 ~~~wordpress~~
29 Application Bestwebsoft Pagination 1.0.6 ~~~wordpress~~
30 Application Bestwebsoft Pdf & Print 1.9.3 ~~~wordpress~~
31 Application Bestwebsoft Pinterest 1.0.4 ~~~wordpress~~
32 Application Bestwebsoft Popular Posts 1.0.4 ~~~wordpress~~
33 Application Bestwebsoft Portfolio 2.3 ~~~wordpress~~
34 Application Bestwebsoft Post To Csv 1.3.0 ~~~wordpress~~
35 Application Bestwebsoft Profile Extra 1.0.6 ~~~wordpress~~
36 Application Bestwebsoft Promobar 1.1.0 ~~~wordpress~~
37 Application Bestwebsoft Quotes And Tips 1.31 ~~~wordpress~~
38 Application Bestwebsoft Re-attacher 1.0.8 ~~~wordpress~~
39 Application Bestwebsoft Realty 1.0.9 ~~~wordpress~~
40 Application Bestwebsoft Relevant - Related Posts 1.1.9 ~~~wordpress~~
41 Application Bestwebsoft Sender 1.2.0 ~~~wordpress~~
42 Application Bestwebsoft Smtp 1.0.9 ~~~wordpress~~
43 Application Bestwebsoft Social Buttons Pack 1.1.0 ~~~wordpress~~
44 Application Bestwebsoft Subscriber 1.3.4 ~~~wordpress~~
45 Application Bestwebsoft Testimonials 0.1.8 ~~~wordpress~~
46 Application Bestwebsoft Timesheet 0.1.4 ~~~wordpress~~
47 Application Bestwebsoft Twitter Button 2.54 ~~~wordpress~~
48 Application Bestwebsoft Updater 1.34 ~~~wordpress~~
49 Application Bestwebsoft User Role 1.5.5 ~~~wordpress~~
50 Application Bestwebsoft Visitors Online 0.9 ~~~wordpress~~
51 Application Bestwebsoft Zendesk Help Center 1.0.4 ~~~wordpress~~

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Bestwebsoft Captcha 1
Bestwebsoft Car Rental 1
Bestwebsoft Contact Form 1
Bestwebsoft Contact Form Multi 1
Bestwebsoft Contact Form To Db 1
Bestwebsoft Custom Admin Page 1
Bestwebsoft Custom Fields Search 1
Bestwebsoft Custom Search 1
Bestwebsoft Donate 1
Bestwebsoft Email Queue 1
Bestwebsoft Error Log Viewer 1
Bestwebsoft Facebook Button 1
Bestwebsoft Featured Posts 1
Bestwebsoft Gallery 1
Bestwebsoft Gallery Categories 1
Bestwebsoft Google +1 1
Bestwebsoft Google Adsense 1
Bestwebsoft Google Analytics 1
Bestwebsoft Google Captcha (recaptcha) 1
Bestwebsoft Google Maps 1
Bestwebsoft Google Shortlink 1
Bestwebsoft Google Sitemap 1
Bestwebsoft Htaccess 1
Bestwebsoft Job Board 1
Bestwebsoft Latest Posts 1
Bestwebsoft Limit Attempts 1
Bestwebsoft Linkedin 1
Bestwebsoft Multilanguage 1
Bestwebsoft Pagination 1
Bestwebsoft Pdf & Print 1
Bestwebsoft Pinterest 1
Bestwebsoft Popular Posts 1
Bestwebsoft Portfolio 1
Bestwebsoft Post To Csv 1
Bestwebsoft Profile Extra 1
Bestwebsoft Promobar 1
Bestwebsoft Quotes And Tips 1
Bestwebsoft Re-attacher 1
Bestwebsoft Realty 1
Bestwebsoft Relevant - Related Posts 1
Bestwebsoft Sender 1
Bestwebsoft Smtp 1
Bestwebsoft Social Buttons Pack 1
Bestwebsoft Subscriber 1
Bestwebsoft Testimonials 1
Bestwebsoft Timesheet 1
Bestwebsoft Twitter Button 1
Bestwebsoft Updater 1
Bestwebsoft User Role 1
Bestwebsoft Visitors Online 1
Bestwebsoft Zendesk Help Center 1

- References For CVE-2017-2171

https://jvn.jp/en/jp/JVN24834813/index.html
JVN JVN#24834813
http://jvndb.jvn.jp/jvndb/JVNDB-2017-000094
JVNDB JVNDB-2017-000094

- Metasploit Modules Related To CVE-2017-2171

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
