ID

VAR-201912-1674


CVE

CVE-2014-4559


TITLE

Swipe Checkout for WP e-Commerce plug-in for WordPress vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2014-008752

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in test-plugin.php in the Swipe Checkout for WP e-Commerce plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) api_key, (2) payment_page_url, (3) merchant_id, (4) api_url, or (5) currency parameter. WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. The vulnerability stems from the lack of correct validation of client data in web applications. An attacker could exploit this vulnerability to execute client-side code.

Trust: 1.71

sources: NVD: CVE-2014-4559 // JVNDB: JVNDB-2014-008752 // VULHUB: VHN-72499

AFFECTED PRODUCTS

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: lte, version: 3.1.0

Trust: 1.0

vendor: cybercompay, model: swipehq payment gateway wp e-commerce, scope: lte, version: 3.1.0

Trust: 0.8

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: eq, version: 2.0

Trust: 0.6

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: eq, version: 3.0.0

Trust: 0.6

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: eq, version: -

Trust: 0.6

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: eq, version: 3.1.0

Trust: 0.6

vendor: cybercompay, model: swipehq-payment-gateway-wp-e-commerce, scope: eq, version: 1.0

Trust: 0.6

sources: JVNDB: JVNDB-2014-008752 // CNNVD: CNNVD-201912-1166 // NVD: CVE-2014-4559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-4559
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-4559
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201912-1166
value: MEDIUM

Trust: 0.6

VULHUB: VHN-72499
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-4559
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-72499
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2014-4559
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2014-4559
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-72499 // JVNDB: JVNDB-2014-008752 // CNNVD: CNNVD-201912-1166 // NVD: CVE-2014-4559

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-72499 // JVNDB: JVNDB-2014-008752 // NVD: CVE-2014-4559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-1166

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201912-1166

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008752

PATCH

title: swipehq-payment-gateway-wp-e-commerce, url: https://wordpress.org/plugins/swipehq-payment-gateway-wp-e-commerce/

Trust: 0.8

sources: JVNDB: JVNDB-2014-008752

EXTERNAL IDS

db: NVD, id: CVE-2014-4559

Trust: 2.5

db: JVNDB, id: JVNDB-2014-008752

Trust: 0.8

db: CNNVD, id: CNNVD-201912-1166

Trust: 0.7

db: CNVD, id: CNVD-2020-12744

Trust: 0.1

db: VULHUB, id: VHN-72499

Trust: 0.1

sources: VULHUB: VHN-72499 // JVNDB: JVNDB-2014-008752 // CNNVD: CNNVD-201912-1166 // NVD: CVE-2014-4559

REFERENCES

url:http://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2014-4559

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4559

Trust: 0.8

url:https://codevigilant.com/disclosure/wp-plugin-swipehq-payment-gateway-wp-e-commerce-a3-cross-site-scripting-xss/

Trust: 0.8

sources: VULHUB: VHN-72499 // JVNDB: JVNDB-2014-008752 // CNNVD: CNNVD-201912-1166 // NVD: CVE-2014-4559

SOURCES

db: VULHUB, id: VHN-72499
db: JVNDB, id: JVNDB-2014-008752
db: CNNVD, id: CNNVD-201912-1166
db: NVD, id: CVE-2014-4559

LAST UPDATE DATE

2024-11-23T22:58:27.475000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-72499, date: 2020-01-06T00:00:00
db: JVNDB, id: JVNDB-2014-008752, date: 2020-01-17T00:00:00
db: CNNVD, id: CNNVD-201912-1166, date: 2019-12-30T00:00:00
db: NVD, id: CVE-2014-4559, date: 2024-11-21T02:10:26.750

SOURCES RELEASE DATE

db: VULHUB, id: VHN-72499, date: 2019-12-27T00:00:00
db: JVNDB, id: JVNDB-2014-008752, date: 2020-01-17T00:00:00
db: CNNVD, id: CNNVD-201912-1166, date: 2019-12-27T00:00:00
db: NVD, id: CVE-2014-4559, date: 2019-12-27T14:15:11.913