CVE-2017-2136 — Cross-site Scripting in Statistics

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

WP Statistics

Timeline

PublishedApr 28

Latest updateMay 17

Description

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDwp_statistics/wp_statistics12.0.4

▶CVEListV5wp_statistics/wp_statisticsversion 12.0.4 and earlier

🔴Vulnerability Details

GHSA

GHSA-9mcw-hh47-x3v4: Cross-site scripting vulnerability in WP Statistics version 12↗2022-05-17

▶

CVEList

CVE-2017-2136: Cross-site scripting vulnerability in WP Statistics version 12↗2017-04-28

▶