Lucene search
MitreCVE-2011-3852HistorySep 28, 2011 - 10:55 a.m.
CVE-2011-3852
2011-09-2810:55:03
CWE-79
mitre
web.nvd.nist.gov
27
cve-2011-3852
cross-site scripting
xss vulnerability
evolve theme
wordpress
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.002
Percentile
54.4%
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
Affected configurations
Node
theme4pressevolveRange≤1.2.5
ORtheme4pressevolveMatch1.0
ORtheme4pressevolveMatch1.0.0
ORtheme4pressevolveMatch1.0.1
ORtheme4pressevolveMatch1.0.2
ORtheme4pressevolveMatch1.0.3
ORtheme4pressevolveMatch1.0.4
ORtheme4pressevolveMatch1.0.5
ORtheme4pressevolveMatch1.0.6
ORtheme4pressevolveMatch1.0.7
ORtheme4pressevolveMatch1.0.8
ORtheme4pressevolveMatch1.0.9
ORtheme4pressevolveMatch1.1.0
ORtheme4pressevolveMatch1.1.1
ORtheme4pressevolveMatch1.1.2
ORtheme4pressevolveMatch1.1.3
ORtheme4pressevolveMatch1.1.4
ORtheme4pressevolveMatch1.1.5
ORtheme4pressevolveMatch1.1.6
ORtheme4pressevolveMatch1.1.7
ORtheme4pressevolveMatch1.1.8
ORtheme4pressevolveMatch1.1.9
ORtheme4pressevolveMatch1.2.0
ORtheme4pressevolveMatch1.2.1
ORtheme4pressevolveMatch1.2.2
ORtheme4pressevolveMatch1.2.3
ORtheme4pressevolveMatch1.2.4
wordpresswordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| theme4press | evolve | * | cpe:2.3:a:theme4press:evolve:*:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0 | cpe:2.3:a:theme4press:evolve:1.0:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.0 | cpe:2.3:a:theme4press:evolve:1.0.0:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.1 | cpe:2.3:a:theme4press:evolve:1.0.1:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.2 | cpe:2.3:a:theme4press:evolve:1.0.2:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.3 | cpe:2.3:a:theme4press:evolve:1.0.3:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.4 | cpe:2.3:a:theme4press:evolve:1.0.4:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.5 | cpe:2.3:a:theme4press:evolve:1.0.5:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.6 | cpe:2.3:a:theme4press:evolve:1.0.6:*:*:*:*:*:*:* |
| theme4press | evolve | 1.0.7 | cpe:2.3:a:theme4press:evolve:1.0.7:*:*:*:*:*:*:* |
References
Related
prion
prion
Cross site scripting
2011-09-28 10:55:00
patchstack
patchstack
WordPress EvoLve Theme 1.2.5 - Cross-Site Scripting
2011-09-29 00:00:00
exploitdb
exploitdb
WordPress Theme EvoLve 1.2.5 - 's' Cross-Site Scripting
2011-09-29 00:00:00
wpvulndb
wpvulndb
Evolve < 1.2.6 - XSS
2011-09-27 00:00:00
cvelist
cvelist
CVE-2011-3852
2011-09-28 10:00:00
nvd
nvd
CVE-2011-3852
2011-09-28 10:55:03
openvas
openvas
WordPress Multiple Themes 's' Parameter Cross Site Scripting Vulnerabilities
2011-10-04 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.9
Confidence
High
EPSS
0.002
Percentile
54.4%
Related for CVE-2011-3852