CVE-2017-2147 — Cross-site Scripting in WP Statistics

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 42.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wp-statistics WP Statistics WP Statistics

Timeline

PublishedApr 28

Latest updateMay 14

Description

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDwp-statistics/wp_statistics12.0.4

▶CVEListV5wp_statistics/wp_statisticsversion 12.0.4 and earlier

🔴Vulnerability Details

GHSA

GHSA-25rw-5w3f-v9vr: Cross-site scripting vulnerability in WP Statistics version 12↗2022-05-14

▶

CVEList

CVE-2017-2147: Cross-site scripting vulnerability in WP Statistics version 12↗2017-04-28

▶