CVE-2015-2807
NUCLEINavis Documentcloud < 0.1 - XSS
Title source: ruleDescription
Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
Nuclei Templates (1)
Navis DocumentCloud <0.1.1 - Cross-Site Scripting
MEDIUMby daffainfo
References (5)
Scores
EPSS
0.0689
EPSS Percentile
91.4%
Details
CWE
CWE-79
Status
published
Products (1)
documentcloud/navis_documentcloud
< 0.1
Published
Sep 01, 2015
Tracked Since
Feb 18, 2026