CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-100027 – Slimstat Analytics <= 3.5.5 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2014-100027
13 Jan 2015 — Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin before 3.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en el plugin WP SlimStat anterior a 3.5.6 para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a URL in versions up to, and including, 3.5.5 due... • http://secunia.com/advisories/57305 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2015-1204 – Slimstat Analytics <= 3.9.2 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-1204
06 Jan 2015 — Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php. Vulnerabilidad XSS en la funcionalidad Save Filters en el plugin WP Slimstat anterior a 3.9.2 de WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro fs[resource] en la página wp-slim-view-... • http://secunia.com/advisories/62034 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •