fkie_nvd - fkie_cve-2011-3850

fkie_cve-2011-3850

Vulnerability from fkie_nvd

Published

2011-09-28 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/46297
cve@mitre.org	https://sitewat.ch/en/Advisories/8	Exploit, URL Repurposed
cve@mitre.org	https://wpvulndb.com/vulnerabilities/9788
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/46297
af854a3a-2127-422b-91ae-364da2661108	https://sitewat.ch/en/Advisories/8	Exploit, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108	https://wpvulndb.com/vulnerabilities/9788

Impacted products

Vendor	Product	Version
bytesforall	atahualpa	*
bytesforall	atahualpa	2.0
bytesforall	atahualpa	2.01
bytesforall	atahualpa	2.2
bytesforall	atahualpa	2.21
bytesforall	atahualpa	3.1
bytesforall	atahualpa	3.1.1
bytesforall	atahualpa	3.1.2
bytesforall	atahualpa	3.1.3
bytesforall	atahualpa	3.1.4
bytesforall	atahualpa	3.1.5
bytesforall	atahualpa	3.1.6
bytesforall	atahualpa	3.1.8
bytesforall	atahualpa	3.1.9
bytesforall	atahualpa	3.2
bytesforall	atahualpa	3.4
bytesforall	atahualpa	3.4.1
bytesforall	atahualpa	3.4.01
bytesforall	atahualpa	3.4.3
bytesforall	atahualpa	3.4.4
bytesforall	atahualpa	3.4.5
bytesforall	atahualpa	3.4.6
bytesforall	atahualpa	3.4.9
bytesforall	atahualpa	3.5.2
bytesforall	atahualpa	3.5.4
bytesforall	atahualpa	3.6
bytesforall	atahualpa	3.6.1
bytesforall	atahualpa	3.6.2
bytesforall	atahualpa	3.6.3
bytesforall	atahualpa	3.6.4
bytesforall	atahualpa	3.6.6
wordpress	wordpress	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "488B9614-9FC5-4CFF-AEC2-4355BBEF4F64",
              "versionEndIncluding": "3.6.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FDD9C54-F366-49F2-A878-548961B26497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:2.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3F95B8-9B22-424E-BE99-FCD12798A8BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A96E0B2F-AE23-4EAE-A996-33D1A35FE2CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:2.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "2514E232-9F82-4CD4-988D-C4D568F1BBAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "63689ACF-F72F-466F-AA9A-59504F3AE3F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08EABA3E-BEF6-41FA-A97A-418A88918F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4A6F42A-A8F8-444C-BBFD-79F2BC39E6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24FF4D07-2B1E-41DB-9CF8-BA2154BF4B4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5660F954-07B6-437C-AE28-A6B36FF967BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC88F03-FD6E-4C10-B0EF-604DCC7C33D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "22F0549C-A1AC-41FD-B25E-87E396C3E63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F499BF53-9E42-486D-9B8B-33B9C9615A78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1E4D178-E105-4AD0-98F6-44AF92835C14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F42DF2-3DA5-4BD6-B42B-156DDD4F2307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6E4661-9CF9-42FD-93A2-0BE78F09C2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "824A69F6-C4F0-4D20-905B-39941506116D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.01:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D8C9AA7-38A6-425C-A802-0B1A804020CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1F84B47-7F55-4D89-B03C-10A5B14A6DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA51228D-0F10-438F-A2EC-0B6A9C9563CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC6615B-928B-43D4-AB86-52D28405A744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CABF03DD-992D-4D34-A552-D481410BC975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEDE02FD-A310-4B81-8D0F-66F6C4FF987D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "856780F1-54A8-4F58-92B0-970CCA7E7D79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A616072D-BE97-4D37-BCC8-DAF28F8FB572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6587B52-DF5A-4F74-B489-99B8081A8B42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2D9781-C0F6-4AC4-833A-767C1A709A7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B496F7-1237-4AF6-A330-6E17BC4C3D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C393F16A-6BBD-43CF-844C-2ABB7A5C704C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F500F4-C1A1-4DFA-8A41-DE0E1C6106F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bytesforall:atahualpa:3.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E6C2BF-4A45-429F-BEB8-74510EF4E42B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
    },
    {
      "lang": "es",
      "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el tema Atahualpa anteriores a v3.6.8 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro s."
    }
  ],
  "id": "CVE-2011-3850",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-28T10:55:03.343",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/46297"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/8"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://wpvulndb.com/vulnerabilities/9788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/46297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wpvulndb.com/vulnerabilities/9788"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-3850 (GCVE-0-2011-3850)

Vulnerability from cvelistv5

Published

2011-09-28 10:00