CVE-2014-8724
Summary
| CVE | CVE-2014-8724 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-12-19 15:59:00 UTC |
| Updated | 2023-05-26 17:46:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Boldgrid | W3 Total Cache | All | All | All | All |
| Application | W3edge | Total Cache | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| www.secuvera.de/advisories/secuvera-SA-2014-01.txt | MISC | www.secuvera.de | Exploit |
| W3 Total Cache 0.9.4 Cross Site Scripting ≈ Packet Storm | MISC | packetstormsecurity.com | Exploit |
| WordPress › W3 Total Cache « WordPress Plugins | CONFIRM | wordpress.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.