Lucene search

MitreCVE-2015-5485

HistoryAug 18, 2015 - 3:59 p.m.

CVE-2015-5485

2015-08-1815:59:02

CWE-79

mitre

web.nvd.nist.gov

cve-2015-5485

xss

vulnerability

event import page

modern tribe

wordpress

remote attackers

web script

html

error parameter

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the “error” parameter to wp-admin/edit.php.

Affected configurations

Nvd

Node

theeventscalendareventbrite_ticketsRange≤3.10.1wordpress

VendorProductVersionCPE
theeventscalendareventbrite_tickets*cpe:2.3:a:theeventscalendar:eventbrite_tickets:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
theeventscalendar	eventbrite_tickets	*	cpe:2.3:a:theeventscalendar:eventbrite_tickets::::::wordpress::*

References

packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/Jul/67

security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/

theeventscalendar.com/release-eventbrite-tickets-3-10-2/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.004

Percentile

74.7%

JSON

Related for CVE-2015-5485