CVE-2014-125109

Summary

A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.27. It has been declared as problematic. This vulnerability affects the function bws_add_menu_render of the file bws_menu/bws_menu.php. The manipulation of the argument bwsmn_form_email leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 2.28 is able to address this issue. The name of the patch is d2ede580474665af56ff262a05783fbabe4529b8. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248956.

Affected Software

VendorProductVersion RangeStatus
BestWebSoftPortfolio Plugin2.0affected
BestWebSoftPortfolio Plugin2.1affected
BestWebSoftPortfolio Plugin2.2affected
BestWebSoftPortfolio Plugin2.3affected
BestWebSoftPortfolio Plugin2.4affected
BestWebSoftPortfolio Plugin2.5affected
BestWebSoftPortfolio Plugin2.6affected
BestWebSoftPortfolio Plugin2.7affected
BestWebSoftPortfolio Plugin2.8affected
BestWebSoftPortfolio Plugin2.9affected
BestWebSoftPortfolio Plugin2.10affected
BestWebSoftPortfolio Plugin2.11affected
BestWebSoftPortfolio Plugin2.12affected
BestWebSoftPortfolio Plugin2.13affected
BestWebSoftPortfolio Plugin2.14affected
BestWebSoftPortfolio Plugin2.15affected
BestWebSoftPortfolio Plugin2.16affected
BestWebSoftPortfolio Plugin2.17affected
BestWebSoftPortfolio Plugin2.18affected
BestWebSoftPortfolio Plugin2.19affected
BestWebSoftPortfolio Plugin2.20affected
BestWebSoftPortfolio Plugin2.21affected
BestWebSoftPortfolio Plugin2.22affected
BestWebSoftPortfolio Plugin2.23affected
BestWebSoftPortfolio Plugin2.24affected
BestWebSoftPortfolio Plugin2.25affected
BestWebSoftPortfolio Plugin2.26affected
BestWebSoftPortfolio Plugin2.27affected

Weaknesses

  • CWE-79: CWE-79 Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References