CVE-2016-4875
MEDIUMAssist Plugin < 1.1.2.test20160906 - Cross-Site Scripting
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (5)
Core 5
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html
Third Party Advisory, VDB Entry third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN46087986/index.html
Patch, Third Party Advisory x_refsource_confirm
https://github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0be
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93123
Scores
CVSS v3
6.1
EPSS
0.0168
EPSS Percentile
74.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (3)
assist_project/assist_plugin
< 1.1.0
databox_project/databox_plugin
< 0..0.0.20150609
userbox_project/userbox_plugin
< 0.0.0.20150918
Published
Apr 14, 2017
Tracked Since
Feb 18, 2026