CVE-2015-3998

Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php.
References
Link Resource
http://www.vapid.dhs.org/advisory.php?v=119 Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:clickfraud-monitoring:adsense-click-fraud-monitoring:1.7.5:*:*:*:*:wordpress:*:*

Configuration 2 (hide)

cpe:2.3:a:phpwhois_project:phpwhois:4.2.5:*:*:*:*:*:*:*

Information

Published : 2017-05-17 07:29

Updated : 2017-05-24 08:15


NVD link : CVE-2015-3998

Mitre link : CVE-2015-3998


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

clickfraud-monitoring

  • adsense-click-fraud-monitoring

phpwhois_project

  • phpwhois