Sign-up

ID

VAR-201908-1065


CVE

CVE-2016-10880


TITLE

WordPress for google-document-embedder Plug-in vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-007792

DESCRIPTION

The google-document-embedder plugin before 2.6.1 for WordPress has XSS. WordPress for google-document-embedder The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. google-document-embedder is one of the plug-ins used to add files to pages and provide download links. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2016-10880 // JVNDB: JVNDB-2019-007792 // VULHUB: VHN-89701

AFFECTED PRODUCTS

vendor:google doc embeddermodel:google doc embedderscope:ltversion:2.6.1

Trust: 1.8

sources: JVNDB: JVNDB-2019-007792 // NVD: CVE-2016-10880

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10880
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10880
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1048
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89701
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10880
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89701
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10880
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89701 // JVNDB: JVNDB-2019-007792 // CNNVD: CNNVD-201908-1048 // NVD: CVE-2016-10880

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-89701 // JVNDB: JVNDB-2019-007792 // NVD: CVE-2016-10880

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1048

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-1048

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007792

PATCH
title:Google Doc Embedderurl:https://wordpress.org/plugins/google-document-embedder/#developers
Trust: 0.8
title:WordPress google-document-embedder Plugin cross-site scripting vulnerability. Repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96725
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007792 // 
            
            
            
            CNNVD: CNNVD-201908-1048

EXTERNAL IDS
db:NVDid:CVE-2016-10880
Trust: 2.5
db:JVNDBid:JVNDB-2019-007792
Trust: 0.8
db:CNNVDid:CNNVD-201908-1048
Trust: 0.7
db:VULHUBid:VHN-89701
Trust: 0.1
sources:
            
            
            VULHUB: VHN-89701 // 
            
            
            
            JVNDB: JVNDB-2019-007792 // 
            
            
            
            CNNVD: CNNVD-201908-1048 // 
            
            
            
            NVD: CVE-2016-10880

REFERENCES
url:https://wordpress.org/plugins/google-document-embedder/#developers
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2016-10880
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10880
Trust: 0.8
sources:
            
            
            VULHUB: VHN-89701 // 
            
            
            
            JVNDB: JVNDB-2019-007792 // 
            
            
            
            CNNVD: CNNVD-201908-1048 // 
            
            
            
            NVD: CVE-2016-10880

SOURCES
db:VULHUBid:VHN-89701
db:JVNDBid:JVNDB-2019-007792
db:CNNVDid:CNNVD-201908-1048
db:NVDid:CVE-2016-10880

LAST UPDATE DATE
2024-11-23T22:21:32.828000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-89701date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007792date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201908-1048date:2019-08-20T00:00:00
db:NVDid:CVE-2016-10880date:2024-11-21T02:44:58.600

SOURCES RELEASE DATE
db:VULHUBid:VHN-89701date:2019-08-14T00:00:00
db:JVNDBid:JVNDB-2019-007792date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201908-1048date:2019-08-14T00:00:00
db:NVDid:CVE-2016-10880date:2019-08-14T16:15:11.457