Sign-up

ID

VAR-201908-1066


CVE

CVE-2016-10881


TITLE

WordPress for google-document-embedder Plug-in vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-007793

DESCRIPTION

The google-document-embedder plugin before 2.6.2 for WordPress has XSS. WordPress for google-document-embedder The plug-in contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

Trust: 1.71

sources: NVD: CVE-2016-10881 // JVNDB: JVNDB-2019-007793 // VULHUB: VHN-89702

AFFECTED PRODUCTS

vendor:google doc embeddermodel:google doc embedderscope:ltversion:2.6.2

Trust: 1.8

sources: JVNDB: JVNDB-2019-007793 // NVD: CVE-2016-10881

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10881
value: MEDIUM

Trust: 1.0

NVD: CVE-2016-10881
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-1049
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89702
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10881
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-89702
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10881
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-89702 // JVNDB: JVNDB-2019-007793 // CNNVD: CNNVD-201908-1049 // NVD: CVE-2016-10881

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-89702 // JVNDB: JVNDB-2019-007793 // NVD: CVE-2016-10881

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-1049

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201908-1049

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-007793

PATCH
title:Google Doc Embedderurl:https://wordpress.org/plugins/google-document-embedder/#developers
Trust: 0.8
title:WordPres google-document-embedder Fixes for plugin cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96726
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2019-007793 // 
            
            
            
            CNNVD: CNNVD-201908-1049

EXTERNAL IDS
db:NVDid:CVE-2016-10881
Trust: 2.5
db:JVNDBid:JVNDB-2019-007793
Trust: 0.8
db:CNNVDid:CNNVD-201908-1049
Trust: 0.7
db:VULHUBid:VHN-89702
Trust: 0.1
sources:
            
            
            VULHUB: VHN-89702 // 
            
            
            
            JVNDB: JVNDB-2019-007793 // 
            
            
            
            CNNVD: CNNVD-201908-1049 // 
            
            
            
            NVD: CVE-2016-10881

REFERENCES
url:https://wordpress.org/plugins/google-document-embedder/#developers
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2016-10881
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10881
Trust: 0.8
sources:
            
            
            VULHUB: VHN-89702 // 
            
            
            
            JVNDB: JVNDB-2019-007793 // 
            
            
            
            CNNVD: CNNVD-201908-1049 // 
            
            
            
            NVD: CVE-2016-10881

SOURCES
db:VULHUBid:VHN-89702
db:JVNDBid:JVNDB-2019-007793
db:CNNVDid:CNNVD-201908-1049
db:NVDid:CVE-2016-10881

LAST UPDATE DATE
2024-11-23T22:51:41.539000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-89702date:2019-08-19T00:00:00
db:JVNDBid:JVNDB-2019-007793date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201908-1049date:2019-08-20T00:00:00
db:NVDid:CVE-2016-10881date:2024-11-21T02:44:58.740

SOURCES RELEASE DATE
db:VULHUBid:VHN-89702date:2019-08-14T00:00:00
db:JVNDBid:JVNDB-2019-007793date:2019-08-21T00:00:00
db:CNNVDid:CNNVD-201908-1049date:2019-08-14T00:00:00
db:NVDid:CVE-2016-10881date:2019-08-14T16:15:11.517