CVE-2015-10007 LOW

CVE-2015-10007: 82Flex WEIPDCRM cross site scripting

Vendor 82Flex

Product WEIPDCRM

Weakness CWE-79 · XSS

Published January 2, 2023

Last update April 11, 2025

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in 82Flex WEIPDCRM and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 43bad79392332fa39e31b95268e76fbda9fec3a4. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217184. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

January 2, 2023 CVE published

April 11, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2015-10007 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-5253 Ultimate Addons for WPBakery Page Builder <= 3.19.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-47184 WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) CVE-2025-30836 WordPress LatePoint plugin <= 5.1.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-55107 BUG-000177335 ArcGIS Enterprise Sites has a stored Cross-site Scripting vulnerability. CVE-2025-8919 Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting