CVE-2016-4875

MEDIUM

Assist Plugin < 1.1.2.test20160906 - Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.html
Third Party Advisory, VDB Entry third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN46087986/index.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/93123

Scores

CVSS v3 6.1
EPSS 0.0168
EPSS Percentile 74.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
assist_project/assist_plugin < 1.1.0
databox_project/databox_plugin < 0..0.0.20150609
userbox_project/userbox_plugin < 0.0.0.20150918
Published Apr 14, 2017
Tracked Since Feb 18, 2026