CVE-2014-1750

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-1750
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate.

5.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://seclists.org/oss-sec/2014/q1/173 Exploit
http://seclists.org/oss-sec/2014/q1/181
http://www.securityfocus.com/bid/65226
https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=841883
https://plugins.trac.wordpress.org/browser/nokia-mapsplaces/trunk/nokia-mapsplaces.php?rev=842384
Configurations

Configuration 1 (hide)

cpe:2.3:a:nokia_maps_\&_places_project:nokia_maps_\&_places:1.6.6:*:*:*:*:wordpress:*:*
History

No history.

Information

Published : 2015-07-01 14:59

Updated : 2023-12-10 11:46

NVD link : CVE-2014-1750

Mitre link : CVE-2014-1750

CVE.ORG link : CVE-2014-1750

JSON object : View

Products Affected

nokia_maps_\&_places_project

  • nokia_maps_\&_places
CWE
NVD-CWE-Other