CVE-2018-6465 Information
Feb 14, 2021
cve
Description
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://packetstormsecurity.com/files/146174/WordPress-Propertyhive-1.4.14-Cross-Site-Scripting.html https://wordpress.org/plugins/propertyhive/developers https://wordpress.org/support/topic/wordpress-propertyhive-1-4-14-cross-site-scripting/ https://wpvulndb.com/vulnerabilities/9020
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: