CVE-2014-10012

{"id": "CVE-2014-10012", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-01-13T11:59:21.053", "references": [{"url": "http://packetstormsecurity.com/files/129035/Another-WordPress-Classifieds-Cross-Site-Scripting-SQL-Injection.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98588", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI."}, {"lang": "es", "value": "Vulnerabilidad de XSS en el plugin Another WordPress Classifieds Plugin para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de la cadena de consulta en la URI por defecto."}], "lastModified": "2017-09-08T01:29:03.073", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awpcp:another_wordpress_classifieds_plugin:3.3.1:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "774A4115-6BFB-4E14-BAD2-0AAC15170496"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}