Medium severity6.1NVD Advisory· Published Apr 14, 2017· Updated May 13, 2026

CVE-2016-4875

Description

Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

Assist Project/Assist Plugin
cpe:2.3:a:assist_project:assist_plugin:*:*:*:*:*:geeklog:*:*
Range: <=1.1.0
Databox Project/Databox Plugin
cpe:2.3:a:databox_project:databox_plugin:*:*:*:*:*:geeklog:*:*
Range: <=0..0.0.20150609
Userbox Project/Userbox Plugin
cpe:2.3:a:userbox_project:userbox_plugin:*:*:*:*:*:geeklog:*:*
Range: <=0.0.0.20150918

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/ivywe/geeklog-ivywe/commit/3cdb4ebca5746ff1e02b7e434d5722044d1d09d1nvdPatchThird Party Advisory
github.com/ivywe/geeklog-ivywe/commit/fe20a1bccdfec96125ab3d8dbee6ccbd0767c0benvdPatchThird Party Advisory
jvn.jp/en/jp/JVN46087986/index.htmlnvdThird Party AdvisoryVDB Entry
jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000167.htmlnvdThird Party AdvisoryVDB Entry
www.securityfocus.com/bid/93123nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000