CVE-2011-3854 (GCVE-0-2011-3854)
Vulnerability from cvelistv5
Published
2011-09-28 10:00
Modified
2024-08-06 23:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
References
| URL | Tags | ||
|---|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:46:03.276Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46296"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sitewat.ch/en/Advisories/12"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-09-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-19T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46296"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sitewat.ch/en/Advisories/12"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46296"
},
{
"name": "https://sitewat.ch/en/Advisories/12",
"refsource": "MISC",
"url": "https://sitewat.ch/en/Advisories/12"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-3854",
"datePublished": "2011-09-28T10:00:00",
"dateReserved": "2011-09-27T00:00:00",
"dateUpdated": "2024-08-06T23:46:03.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2011-3854\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2011-09-28T10:55:03.950\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.\"},{\"lang\":\"es\",\"value\":\"vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el tema ZenLite anteriores a v4.4 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro s.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.3\",\"matchCriteriaId\":\"4EF5D187-4FB1-4CB8-ABF3-AFE17BD50579\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E668C03-2520-4A53-8296-3686DB46F183\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDEE72DC-7B50-4D48-ABD2-FCA88E5DCAC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18DC0DC7-2078-42E8-BD96-2A9DC54AB1F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1137BE44-AE4D-431C-B571-870507DE1DEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"881C9D2B-BA5B-4F57-B713-36B54318FB67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"420E9A86-9DD9-4BCD-8F22-99082E59992D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64CA4C74-162B-47F4-8D93-EE5E08095764\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D54D12D4-2384-4D85-A617-DB1C74DFDC71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA059627-DE1E-4FD6-A948-0457AC7A656E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3F1712A-7577-4B5C-A7E7-CAAF1F4E135D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0EA82063-08B7-4768-97B9-A12A11CDE321\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2A8B268-DD17-4640-B1F3-CCE97474455C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EADF0129-9858-4A8D-BC21-0D8AB404C138\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B0B7A39-0C29-461C-AAB6-7BC75C225AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40639E70-B4EA-4FCD-9601-33EB39C25E76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46F882E8-3726-4A6B-B95A-7F7D5BCE543F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E8BE12D-5877-44EA-812F-3DF53F879D84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4ED0D361-5142-46C6-A5D5-59E4230E02AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A40B644-0A06-4656-B632-EED1B8F4A2C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.60:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"30723B08-FE3A-4023-A494-653A20AB88A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:3.61:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E8B929C-5950-4B24-9BB6-437974BA16BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AFA4A1FA-31CE-4AFC-9EE2-6A3C2D2BCC05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B31EA937-4EAB-44F5-86CE-4C59F2D793B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quirm:zenlite:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28D3F1A8-5B15-430A-8739-8BA169A73CAF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"847DA578-4655-477E-8A6F-99FBE738E4F9\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/46296\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://sitewat.ch/en/Advisories/12\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"URL Repurposed\"]},{\"url\":\"http://secunia.com/advisories/46296\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://sitewat.ch/en/Advisories/12\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"URL Repurposed\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…