CVE-2014-125097

Published: Apr 10, 2023Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability, which was classified as problematic, was found in BestWebSoft Facebook Like Button up to 2.33. Affected is the function fcbkbttn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.34 is able to address this issue. The patch is identified as b766da8fa100779409a953f0e46c2a2448cbe99c. It is recommended to upgrade the affected component. VDB-225354 is the identifier assigned to this vulnerability.

Affected (1)

Products: Bestwebsoft: Facebook Button

1 product

Facebook Button

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bestwebsoft Facebook Button	Before 2.34

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (6)

https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c

Source: cna@vuldb.com

Patch

https://vuldb.com/?ctiid.225354

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.225354

Source: cna@vuldb.com

Permissions RequiredThird Party Advisory

https://github.com/wp-plugins/facebook-button-plugin/commit/b766da8fa100779409a953f0e46c2a2448cbe99c

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://vuldb.com/?ctiid.225354

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

https://vuldb.com/?id.225354

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredThird Party Advisory

Timeline

No history available yet.