CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2015-3904

Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2) start_day, (3) start_month, (4) start_year, (5) end_day, (6) end_month, (7) end_year, (8) lang, (9) adults, or (10) children parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 68.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://packetstormsecurity.com/files/131934/WordPress-Roomcloud-1.1-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/May/40
http://www.securityfocus.com/bid/74580
https://plugins.trac.wordpress.org/changeset/1117499
https://wordpress.org/plugins/roomcloud/changelog/
http://packetstormsecurity.com/files/131934/WordPress-Roomcloud-1.1-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2015/May/40
http://www.securityfocus.com/bid/74580
https://plugins.trac.wordpress.org/changeset/1117499
https://wordpress.org/plugins/roomcloud/changelog/

Products affected by CVE-2015-3904

Roomcloud » Roomcloud » Version: 1.0

cpe:2.3:a:roomcloud:roomcloud:1.0
Roomcloud » Roomcloud » Version: 1.1

cpe:2.3:a:roomcloud:roomcloud:1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-3904

Products

Pricing

Contact Us