{ "id": "CVE-2017-2284", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2017-08-02T16:29:00.520", "lastModified": "2020-03-11T22:13:36.620", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 1.6.5 de Popup Maker permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 4.3 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "90C161EC-2573-42D2-87D9-34B3D6B8DC9C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D9B91723-3887-4F17-9C22-F75D9190EE56" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "F1AC248E-BF46-422F-84F9-EDC409CA22F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6C0338C3-969D-49CC-8883-A6FC1F85EA96" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "54C7BF56-F9C6-4858-9084-20BC7695BD6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "36323BBF-DF81-47D3-B126-6673A3BF8F35" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4B6B06C5-EBE8-4BD5-AB71-1212847F2D42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "2B9A7EA4-3EAC-40C3-945B-96B26462B163" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9D48C71B-3971-4AD2-897F-ED9BCF478451" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D789C13D-7C6D-4F5B-A212-B836E08E213A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CFE80F18-726C-4BDE-838C-B44479DF6165" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "440D38B5-4C30-4960-8DF7-1234AB843972" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4EB472CF-32C4-4BB0-AF92-8B015A40BE59" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "59839A5E-3462-4084-AC68-E9BB758D29AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "37360399-BB08-4CCD-BF97-9C244B8538AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "34C82A10-464A-4CDC-8947-7B1494F0EB2C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70B17631-F056-4E9B-BFF8-73BCE1116815" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "76350181-42BA-49C3-A25D-9B9FCB4E526B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8E3085B2-66B0-4006-AA8E-9EF4CAB97FDB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "102F9DD7-E0B5-4918-895E-DEFCAAC8FC52" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39D04E83-EF5C-4981-BB0E-6F929AF1C25C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C759FBB3-A063-4CCC-B3A5-F6DC8D6B8A6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "283F2952-A467-4E2C-9E01-7E48234A3B2E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AB0D76F5-C2EB-4C6D-A187-DF3363EC19A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "70B45C8A-79DA-4AEE-BCC1-C06C77FEE40C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8FCC14C3-C650-44AF-8292-5497B508556A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "007D28DF-7E53-486F-B9AB-1BCD54020AD5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5B735B73-E003-4848-A7F3-EBA9D19039EA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8868752E-BB92-43F4-8D1C-769D512DA13E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "334E63C2-E717-4C11-958D-B48EE3440B12" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "82588758-797D-489D-A19F-0E0D7CC807E5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8588997E-AA8B-440F-9F1B-713FFB097234" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FA9E5F61-97EB-470B-BA39-50ED30FDA492" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "3C2511EE-E091-41C4-BF06-DFBC27B3E3B9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "BFB9A292-0E2D-4378-9039-ED45DABE726C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CEDE2DC6-0A58-47C2-944F-8010524B2821" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5827184B-ACEC-452A-8190-64A32F76E902" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6E5B070F-A8E3-4320-832E-1FE9577E7B1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "8142F60E-FDBF-4DE1-89C9-5925290E9E92" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.9:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FEE8319A-33A8-486C-92A5-4941681B8B3E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.10:*:*:*:*:wordpress:*:*", "matchCriteriaId": "10A5384C-C79D-429A-9094-538BE9C70C9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.11:*:*:*:*:wordpress:*:*", "matchCriteriaId": "39F86BCA-C2F6-4664-B36E-43FF3F9D13C1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.12:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0C583011-48FD-4EC3-9C58-28EF3E5C9D1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.13:*:*:*:*:wordpress:*:*", "matchCriteriaId": "DD0B7B26-72EA-4712-B783-3989FDB05194" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.14:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6A1CC3A8-EBAA-4FA2-B0B9-4B05C9742CEE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.15:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FE801999-733C-4C82-9114-B2228AADE290" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.16:*:*:*:*:wordpress:*:*", "matchCriteriaId": "7A33CEB9-8CE3-4F1A-A1C8-2176F65DA787" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.17:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AF294B42-DF3C-4ACB-B439-CE41581FB685" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.18:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D18DDBCA-4F33-4CD0-BE52-1B6F87D273E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.19:*:*:*:*:wordpress:*:*", "matchCriteriaId": "65B14941-933B-4ECF-95CA-16F208EB2FCF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.20:*:*:*:*:wordpress:*:*", "matchCriteriaId": "38951BCB-E275-4952-850A-F007CB06B5ED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.21:*:*:*:*:wordpress:*:*", "matchCriteriaId": "862E52EA-4F2E-42F5-8099-DAC7F3025923" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "5AD0FA3F-03CC-470D-A0A5-857CA7A46D73" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0CC71336-9C78-4228-9393-F9139ED44979" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FF5128CC-6B8B-4CC6-9D08-2188D93ABD83" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30B1DDBC-10D1-4718-B07E-946D72F1B581" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9E0DC38E-A42A-4008-9E67-0487F0849CED" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.5:*:*:*:*:wordpress:*:*", "matchCriteriaId": "9B9657B9-C347-4DF9-A306-C281396FB81D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.6:*:*:*:*:wordpress:*:*", "matchCriteriaId": "E0E732F1-84C1-44A6-B1B3-BCA25B8272C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.7:*:*:*:*:wordpress:*:*", "matchCriteriaId": "A78EFBC6-C767-466E-8A7A-68A7606227C2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.8:*:*:*:*:wordpress:*:*", "matchCriteriaId": "C218BC8D-9798-4EEC-8B64-EE96888FA338" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.0:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4177F386-AFB2-421B-8444-89D16B6C78C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.1:*:*:*:*:wordpress:*:*", "matchCriteriaId": "CF7C5849-3102-4D27-BBB8-A6E31230150F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.2:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30BCFF57-5F8E-478B-A484-9C771BA33E83" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.3:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D00FE9DD-4EF5-4CAF-88B1-0C260610063A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.4:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FAB6541B-F121-4668-A2CA-EE6120014633" } ] } ] } ], "references": [ { "url": "https://jvn.jp/en/jp/JVN92921024/index.html", "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ] }, { "url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3", "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://wordpress.org/plugins/popup-maker/#developers", "source": "vultures@jpcert.or.jp", "tags": [ "Product", "Third Party Advisory" ] }, { "url": "https://wpvulndb.com/vulnerabilities/8878", "source": "vultures@jpcert.or.jp" } ] }