fkie_cve-2017-2284
Vulnerability from fkie_nvd
Published
2017-08-02 16:29
Modified
2025-04-20 01:37
Severity ?
Summary
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN92921024/index.html | Third Party Advisory, VDB Entry | |
| vultures@jpcert.or.jp | https://plugins.trac.wordpress.org/changeset/1697216/#file3 | Patch, Third Party Advisory | |
| vultures@jpcert.or.jp | https://wordpress.org/plugins/popup-maker/#developers | Product, Third Party Advisory | |
| vultures@jpcert.or.jp | https://wpvulndb.com/vulnerabilities/8878 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN92921024/index.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://plugins.trac.wordpress.org/changeset/1697216/#file3 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wordpress.org/plugins/popup-maker/#developers | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpvulndb.com/vulnerabilities/8878 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "90C161EC-2573-42D2-87D9-34B3D6B8DC9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D9B91723-3887-4F17-9C22-F75D9190EE56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "F1AC248E-BF46-422F-84F9-EDC409CA22F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6C0338C3-969D-49CC-8883-A6FC1F85EA96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "54C7BF56-F9C6-4858-9084-20BC7695BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.0.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "36323BBF-DF81-47D3-B126-6673A3BF8F35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4B6B06C5-EBE8-4BD5-AB71-1212847F2D42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "2B9A7EA4-3EAC-40C3-945B-96B26462B163",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9D48C71B-3971-4AD2-897F-ED9BCF478451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D789C13D-7C6D-4F5B-A212-B836E08E213A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CFE80F18-726C-4BDE-838C-B44479DF6165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "440D38B5-4C30-4960-8DF7-1234AB843972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4EB472CF-32C4-4BB0-AF92-8B015A40BE59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "59839A5E-3462-4084-AC68-E9BB758D29AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "37360399-BB08-4CCD-BF97-9C244B8538AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "34C82A10-464A-4CDC-8947-7B1494F0EB2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.1.10:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "70B17631-F056-4E9B-BFF8-73BCE1116815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "76350181-42BA-49C3-A25D-9B9FCB4E526B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8E3085B2-66B0-4006-AA8E-9EF4CAB97FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.2.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "102F9DD7-E0B5-4918-895E-DEFCAAC8FC52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "39D04E83-EF5C-4981-BB0E-6F929AF1C25C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C759FBB3-A063-4CCC-B3A5-F6DC8D6B8A6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "283F2952-A467-4E2C-9E01-7E48234A3B2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AB0D76F5-C2EB-4C6D-A187-DF3363EC19A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "70B45C8A-79DA-4AEE-BCC1-C06C77FEE40C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8FCC14C3-C650-44AF-8292-5497B508556A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "007D28DF-7E53-486F-B9AB-1BCD54020AD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5B735B73-E003-4848-A7F3-EBA9D19039EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8868752E-BB92-43F4-8D1C-769D512DA13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.3.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "334E63C2-E717-4C11-958D-B48EE3440B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "82588758-797D-489D-A19F-0E0D7CC807E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8588997E-AA8B-440F-9F1B-713FFB097234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FA9E5F61-97EB-470B-BA39-50ED30FDA492",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "3C2511EE-E091-41C4-BF06-DFBC27B3E3B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "BFB9A292-0E2D-4378-9039-ED45DABE726C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CEDE2DC6-0A58-47C2-944F-8010524B2821",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5827184B-ACEC-452A-8190-64A32F76E902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6E5B070F-A8E3-4320-832E-1FE9577E7B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8142F60E-FDBF-4DE1-89C9-5925290E9E92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.9:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FEE8319A-33A8-486C-92A5-4941681B8B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.10:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "10A5384C-C79D-429A-9094-538BE9C70C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.11:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "39F86BCA-C2F6-4664-B36E-43FF3F9D13C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.12:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0C583011-48FD-4EC3-9C58-28EF3E5C9D1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.13:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "DD0B7B26-72EA-4712-B783-3989FDB05194",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.14:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "6A1CC3A8-EBAA-4FA2-B0B9-4B05C9742CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.15:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FE801999-733C-4C82-9114-B2228AADE290",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.16:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "7A33CEB9-8CE3-4F1A-A1C8-2176F65DA787",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.17:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "AF294B42-DF3C-4ACB-B439-CE41581FB685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.18:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D18DDBCA-4F33-4CD0-BE52-1B6F87D273E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.19:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "65B14941-933B-4ECF-95CA-16F208EB2FCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.20:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "38951BCB-E275-4952-850A-F007CB06B5ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.4.21:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "862E52EA-4F2E-42F5-8099-DAC7F3025923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "5AD0FA3F-03CC-470D-A0A5-857CA7A46D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0CC71336-9C78-4228-9393-F9139ED44979",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FF5128CC-6B8B-4CC6-9D08-2188D93ABD83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "30B1DDBC-10D1-4718-B07E-946D72F1B581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9E0DC38E-A42A-4008-9E67-0487F0849CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.5:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9B9657B9-C347-4DF9-A306-C281396FB81D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.6:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "E0E732F1-84C1-44A6-B1B3-BCA25B8272C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.7:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A78EFBC6-C767-466E-8A7A-68A7606227C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.5.8:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "C218BC8D-9798-4EEC-8B64-EE96888FA338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.0:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "4177F386-AFB2-421B-8444-89D16B6C78C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.1:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "CF7C5849-3102-4D27-BBB8-A6E31230150F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.2:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "30BCFF57-5F8E-478B-A484-9C771BA33E83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.3:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "D00FE9DD-4EF5-4CAF-88B1-0C260610063A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:1.6.4:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "FAB6541B-F121-4668-A2CA-EE6120014633",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en versiones anteriores a la 1.6.5 de Popup Maker permite a atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados."
}
],
"id": "CVE-2017-2284",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-02T16:29:00.520",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN92921024/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/popup-maker/#developers"
},
{
"source": "vultures@jpcert.or.jp",
"url": "https://wpvulndb.com/vulnerabilities/8878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://jvn.jp/en/jp/JVN92921024/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://plugins.trac.wordpress.org/changeset/1697216/#file3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://wordpress.org/plugins/popup-maker/#developers"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wpvulndb.com/vulnerabilities/8878"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…