CVE-2014-4544
Published: 2019-12-27
Priority P337, medium, 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.78% (88.6th percentile)
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| podcast_channels_project | podcast_channels | <= 0.20 | — |
| qemu | qemu | >= 0 < 2.0.0~rc1+dfsg-0ubuntu3.1 | 2.0.0~rc1+dfsg-0ubuntu3.1 |
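CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 4.9 | MEDIUM | |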
GHSA
CVE-2014-4544 [MEDIUM] GHSA-6jc2-qxqx-xgwx: Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0
ghsa_unreviewed · 2022-05-17
Cross-site scripting (XSS) vulnerability in the Podcast Channels plugin 0.20 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the Filename parameter to getid3/demos/demo.write.php.
OSV
CVE-2013-4544: qemu, qemu-kvm vulnerabilities
osv · 2014-04-28 · CVSS 4.9
Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. This issue only applied to Ubuntu 13.10 and Ubuntu 14.04 LTS. (CVE-2013-4544)

Michael S. Tsirkin discovered that QEMU incorrectly handled virtio-net MAC addresses. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-0150)

Benoît Canet discovered that QEMU incorrectly handled SMART self-tests. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. (CVE-2014-2894)

No detection rules found.
Nuclei
CVE-2014-4544 [MEDIUM] Podcast Channels < 0.28 - Cross-Site Scripting
nuclei · CVSS 6.1
Podcast Channels alert(document.domain)"
```yaml
- type: word
  part: header
  words:
    - text/html
- type: status
  status:
    - 200
# digest: 4b0a00483046022100ed927c8ab3dc1b0e842bcbe1889e858c61c740da6d4a49999e948ae9ed792b93022100ada5ae815a81aef887bb71356c9e3f32ec639810074153222a6059de4a4e622b:922c64590222798bb761d5b6d8e72950
```