{"api_version":"1","generated_at":"2026-04-11T08:43:59+00:00","cve":"CVE-2017-20098","urls":{"html":"https://cve.report/CVE-2017-20098","api":"https://cve.report/api/cve/CVE-2017-20098.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-20098","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-20098"},"summary":{"title":"CVE-2017-20098","description":"A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely.","state":"PUBLIC","assigner":"cna@vuldb.com","published_at":"2022-06-27 19:15:00","updated_at":"2022-07-06 20:40:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://seclists.org/fulldisclosure/2017/Feb/75","name":"http://seclists.org/fulldisclosure/2017/Feb/75","refsource":"MISC","tags":[],"title":"Full Disclosure: Admin Custom Login WordPress plugin affected by persistent Cross-Site Scripting via Logo URL field","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://vuldb.com/?id.97368","name":"https://vuldb.com/?id.97368","refsource":"MISC","tags":[],"title":"CVE-2017-20098 | Admin Custom Login Plugin Persistent cross site scripting","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-20098","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-20098","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"20098","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"weblizar","cpe5":"admin_custom_login","cpe6":"2.4.5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"wordpress","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2017-20098","TITLE":"Admin Custom Login Plugin Persistent cross site scripting","REQUESTER":"cna@vuldb.com","ASSIGNER":"cna@vuldb.com","STATE":"PUBLIC"},"generator":"vuldb.com","affects":{"vendor":{"vendor_data":[{"vendor_name":"","product":{"product_data":[{"product_name":"Admin Custom Login Plugin","version":{"version_data":[{"version_value":"2.4.5.2"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-80 Basic Cross Site Scripting"}]}]},"description":{"description_data":[{"lang":"eng","value":"A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely."}]},"credit":"Burak Kelebek","impact":{"cvss":{"version":"3.1","baseScore":"3.5","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}},"references":{"reference_data":[{"url":"http://seclists.org/fulldisclosure/2017/Feb/75","refsource":"MISC","name":"http://seclists.org/fulldisclosure/2017/Feb/75"},{"url":"https://vuldb.com/?id.97368","refsource":"MISC","name":"https://vuldb.com/?id.97368"}]}},"nvd":{"publishedDate":"2022-06-27 19:15:00","lastModifiedDate":"2022-07-06 20:40:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.7,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":3.5},"severity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:weblizar:admin_custom_login:2.4.5.2:*:*:*:*:wordpress:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}