Vulnerabilites related to quirm - zenlite
Vulnerability from fkie_nvd
Published
2011-09-28 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
References
cve@mitre.orghttp://secunia.com/advisories/46296
cve@mitre.orghttps://sitewat.ch/en/Advisories/12Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/46296
af854a3a-2127-422b-91ae-364da2661108https://sitewat.ch/en/Advisories/12Exploit, URL Repurposed
Impacted products
Vendor Product Version
quirm zenlite *
quirm zenlite 1.0
quirm zenlite 1.1
quirm zenlite 1.2
quirm zenlite 1.3
quirm zenlite 2.0
quirm zenlite 2.1
quirm zenlite 2.2
quirm zenlite 2.4
quirm zenlite 2.5
quirm zenlite 2.6
quirm zenlite 2.7
quirm zenlite 3.0
quirm zenlite 3.1
quirm zenlite 3.2
quirm zenlite 3.3
quirm zenlite 3.4
quirm zenlite 3.5
quirm zenlite 3.51
quirm zenlite 3.52
quirm zenlite 3.60
quirm zenlite 3.61
quirm zenlite 4.0
quirm zenlite 4.1
quirm zenlite 4.2
wordpress wordpress *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF5D187-4FB1-4CB8-ABF3-AFE17BD50579",
              "versionEndIncluding": "4.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E668C03-2520-4A53-8296-3686DB46F183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDEE72DC-7B50-4D48-ABD2-FCA88E5DCAC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18DC0DC7-2078-42E8-BD96-2A9DC54AB1F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1137BE44-AE4D-431C-B571-870507DE1DEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "881C9D2B-BA5B-4F57-B713-36B54318FB67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "420E9A86-9DD9-4BCD-8F22-99082E59992D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CA4C74-162B-47F4-8D93-EE5E08095764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D54D12D4-2384-4D85-A617-DB1C74DFDC71",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA059627-DE1E-4FD6-A948-0457AC7A656E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F1712A-7577-4B5C-A7E7-CAAF1F4E135D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA82063-08B7-4768-97B9-A12A11CDE321",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2A8B268-DD17-4640-B1F3-CCE97474455C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADF0129-9858-4A8D-BC21-0D8AB404C138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0B7A39-0C29-461C-AAB6-7BC75C225AE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "40639E70-B4EA-4FCD-9601-33EB39C25E76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "46F882E8-3726-4A6B-B95A-7F7D5BCE543F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E8BE12D-5877-44EA-812F-3DF53F879D84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ED0D361-5142-46C6-A5D5-59E4230E02AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A40B644-0A06-4656-B632-EED1B8F4A2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "30723B08-FE3A-4023-A494-653A20AB88A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:3.61:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E8B929C-5950-4B24-9BB6-437974BA16BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFA4A1FA-31CE-4AFC-9EE2-6A3C2D2BCC05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B31EA937-4EAB-44F5-86CE-4C59F2D793B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quirm:zenlite:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28D3F1A8-5B15-430A-8739-8BA169A73CAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
    },
    {
      "lang": "es",
      "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el tema ZenLite anteriores a v4.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro s."
    }
  ],
  "id": "CVE-2011-3854",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-28T10:55:03.950",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46296"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/12"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-3854 (GCVE-0-2011-3854)
Vulnerability from cvelistv5
Published
2011-09-28 10:00
Modified
2024-08-06 23:46
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
References
http://secunia.com/advisories/46296third-party-advisory, x_refsource_SECUNIA
https://sitewat.ch/en/Advisories/12x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:46:03.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46296",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46296"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sitewat.ch/en/Advisories/12"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-10-19T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "46296",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46296"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sitewat.ch/en/Advisories/12"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-3854",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46296",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46296"
            },
            {
              "name": "https://sitewat.ch/en/Advisories/12",
              "refsource": "MISC",
              "url": "https://sitewat.ch/en/Advisories/12"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-3854",
    "datePublished": "2011-09-28T10:00:00",
    "dateReserved": "2011-09-27T00:00:00",
    "dateUpdated": "2024-08-06T23:46:03.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}