CVE-2014-8492: XSS
First published: Fri Oct 06 2017(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cozmoslabs Profile Builder | <=2.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-8492?
CVE-2014-8492 is classified as a moderate severity vulnerability allowing cross-site scripting (XSS) attacks.
How do I fix CVE-2014-8492?
To fix CVE-2014-8492, update the Profile Builder plugin to version 2.0.3 or later.
What parameters are affected by CVE-2014-8492?
The parameters affected by CVE-2014-8492 are site_name, message, and site_url.
Can CVE-2014-8492 be exploited remotely?
Yes, CVE-2014-8492 can be exploited remotely by attackers to inject arbitrary scripts.
Which version of the Profile Builder plugin is vulnerable to CVE-2014-8492?
Versions of the Profile Builder plugin prior to 2.0.3 are vulnerable to CVE-2014-8492.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- vendor/cozmoslabs
- canonical/cozmoslabs profile builder
- version/cozmoslabs profile builder/2.0.2