CVE-2017-16815: XSS
First published: Tue Nov 14 2017(Updated: )
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Snapcreek Duplicator | =1.2.28 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for Snap Creek Duplicator plugin?
The vulnerability ID for Snap Creek Duplicator plugin is CVE-2017-16815.
What is the severity level of CVE-2017-16815?
The severity level of CVE-2017-16815 is medium with a CVSS score of 6.1.
What is the affected software version for CVE-2017-16815?
The affected software version for CVE-2017-16815 is Snap Creek Duplicator plugin version 1.2.28.
What is the Common Weakness Enumeration (CWE) ID for CVE-2017-16815?
The Common Weakness Enumeration (CWE) ID for CVE-2017-16815 is CWE-79.
How can I fix the XSS vulnerability in Snap Creek Duplicator plugin?
To fix the XSS vulnerability in Snap Creek Duplicator plugin, update to version 1.2.30 or later.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- vendor/snapcreek
- canonical/snapcreek duplicator
- version/snapcreek duplicator/1.2.28