Lucene search

MitreCVE-2011-0641

HistoryJan 25, 2011 - 7:00 p.m.

CVE-2011-0641

2011-01-2519:00:05

CWE-79

mitre

web.nvd.nist.gov

cve

2011

0641

xss

vulnerabilities

statpresscn

plugin

wordpress

remote attackers

web script

html

parameters

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) what1, (2) what2, (3) what3, (4) what4, and (5) what5 parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

Nvd

Node

heart5statpresscnMatch1.9.0

AND

wordpresswordpress

VendorProductVersionCPE
heart5statpresscn1.9.0cpe:2.3:a:heart5:statpresscn:1.9.0:*:*:*:*:*:*:*
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
heart5	statpresscn	1.9.0	cpe:2.3:a:heart5:statpresscn:1.9.0:::::::*
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::

References

osvdb.org/70595

secunia.com/advisories/43016

www.securityfocus.com/bid/45950

exchange.xforce.ibmcloud.com/vulnerabilities/64882

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

60.3%

JSON

Related for CVE-2011-0641