Lucene search

[email protected]CVE-2011-5104

HistoryAug 23, 2012 - 8:55 p.m.

CVE-2011-5104

2012-08-2320:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-5104

cross-site scripting

xss

wp e-commerce

wordpress

remote attack

arbitrary web script

html

sales logs

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

getshoppedwp_e-commerceRange≤3.8.7.1

getshoppedwp_e-commerceMatch3.6.5

getshoppedwp_e-commerceMatch3.6.6

getshoppedwp_e-commerceMatch3.6.7

getshoppedwp_e-commerceMatch3.6.8

getshoppedwp_e-commerceMatch3.6.9

getshoppedwp_e-commerceMatch3.6.10

getshoppedwp_e-commerceMatch3.6.11

getshoppedwp_e-commerceMatch3.6.12

getshoppedwp_e-commerceMatch3.6.13

getshoppedwp_e-commerceMatch3.7

getshoppedwp_e-commerceMatch3.7beta2

getshoppedwp_e-commerceMatch3.7beta3

getshoppedwp_e-commerceMatch3.7.1

getshoppedwp_e-commerceMatch3.7.2

getshoppedwp_e-commerceMatch3.7.3

getshoppedwp_e-commerceMatch3.7.4

getshoppedwp_e-commerceMatch3.7.5

getshoppedwp_e-commerceMatch3.7.5beta1

getshoppedwp_e-commerceMatch3.7.5beta2

getshoppedwp_e-commerceMatch3.7.5rc1

getshoppedwp_e-commerceMatch3.7.5rc2

getshoppedwp_e-commerceMatch3.7.5rc3

getshoppedwp_e-commerceMatch3.7.5rc4

getshoppedwp_e-commerceMatch3.7.5.1

getshoppedwp_e-commerceMatch3.7.5.1beta

getshoppedwp_e-commerceMatch3.7.5.2

getshoppedwp_e-commerceMatch3.7.5.3

getshoppedwp_e-commerceMatch3.7.6

getshoppedwp_e-commerceMatch3.7.6rc1

getshoppedwp_e-commerceMatch3.7.6rc2

getshoppedwp_e-commerceMatch3.7.6rc3

getshoppedwp_e-commerceMatch3.7.6rc4

getshoppedwp_e-commerceMatch3.7.6.1

getshoppedwp_e-commerceMatch3.7.6.2

getshoppedwp_e-commerceMatch3.7.6.3

getshoppedwp_e-commerceMatch3.7.6.4

getshoppedwp_e-commerceMatch3.7.6.5

getshoppedwp_e-commerceMatch3.7.6.6

getshoppedwp_e-commerceMatch3.7.6.7

getshoppedwp_e-commerceMatch3.7.6.9

getshoppedwp_e-commerceMatch3.7.7

getshoppedwp_e-commerceMatch3.7.8

getshoppedwp_e-commerceMatch3.7.8.1

getshoppedwp_e-commerceMatch3.7.8.2

getshoppedwp_e-commerceMatch3.7.8.3

getshoppedwp_e-commerceMatch3.8

getshoppedwp_e-commerceMatch3.8beta1

getshoppedwp_e-commerceMatch3.8beta2

getshoppedwp_e-commerceMatch3.8beta3

getshoppedwp_e-commerceMatch3.8rc1

getshoppedwp_e-commerceMatch3.8rc2

getshoppedwp_e-commerceMatch3.8rc3

getshoppedwp_e-commerceMatch3.8rc4

getshoppedwp_e-commerceMatch3.8.1

getshoppedwp_e-commerceMatch3.8.2

getshoppedwp_e-commerceMatch3.8.3

getshoppedwp_e-commerceMatch3.8.4

getshoppedwp_e-commerceMatch3.8.5

getshoppedwp_e-commerceMatch3.8.6

getshoppedwp_e-commerceMatch3.8.6.1

getshoppedwp_e-commerceMatch3.8.7

AND

wordpresswordpressMatch-

CPENameOperatorVersion
getshopped:wp_e-commercegetshopped wp e-commercele3.8.7.1
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.5
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.6
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.7
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.8
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.9
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.10
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.11
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.12
getshopped:wp_e-commercegetshopped wp e-commerceeq3.6.13

CPE	Name	Operator	Version
getshopped:wp_e-commerce	getshopped wp e-commerce	le	3.8.7.1
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.5
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.6
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.7
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.8
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.9
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.10
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.11
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.12
getshopped:wp_e-commerce	getshopped wp e-commerce	eq	3.6.13

Rows per page:

1-10 of 421

References

osvdb.org/77249

plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce

secunia.com/advisories/46957

wordpress.org/extend/plugins/wp-e-commerce/changelog/

www.securityfocus.com/bid/50757

exchange.xforce.ibmcloud.com/vulnerabilities/71443

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.7%

JSON

Related for CVE-2011-5104

nvd1 patchstack1 prion1 cvelist1