fkie_nvd - fkie_cve-2011-3852

fkie_cve-2011-3852

Vulnerability from fkie_nvd

Published

2011-09-28 10:55

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

References

	URL	Tags
	cve@mitre.org	https://sitewat.ch/en/Advisories/10	Exploit, URL Repurposed
	af854a3a-2127-422b-91ae-364da2661108	https://sitewat.ch/en/Advisories/10	Exploit, URL Repurposed

Impacted products

Vendor	Product	Version
theme4press	evolve	*
theme4press	evolve	1.0
theme4press	evolve	1.0.0
theme4press	evolve	1.0.1
theme4press	evolve	1.0.2
theme4press	evolve	1.0.3
theme4press	evolve	1.0.4
theme4press	evolve	1.0.5
theme4press	evolve	1.0.6
theme4press	evolve	1.0.7
theme4press	evolve	1.0.8
theme4press	evolve	1.0.9
theme4press	evolve	1.1.0
theme4press	evolve	1.1.1
theme4press	evolve	1.1.2
theme4press	evolve	1.1.3
theme4press	evolve	1.1.4
theme4press	evolve	1.1.5
theme4press	evolve	1.1.6
theme4press	evolve	1.1.7
theme4press	evolve	1.1.8
theme4press	evolve	1.1.9
theme4press	evolve	1.2.0
theme4press	evolve	1.2.1
theme4press	evolve	1.2.2
theme4press	evolve	1.2.3
theme4press	evolve	1.2.4
wordpress	wordpress	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E1566F-4C11-4AB4-B5A7-3FD41C33B01B",
              "versionEndIncluding": "1.2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "074ACB6C-AD44-4D54-BCDE-50F6D8528483",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9D12239-CD27-43E1-BA98-1C47EBB86FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7739CF1C-DDFA-4B23-8831-2DE6ABA645E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "59944B57-E62D-42CF-AA87-107330FC2157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1073E640-2789-485A-8C00-A984D5741B19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCD7394-C1D3-4AAF-811D-63E04E7D4D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB01A1EC-BF00-4750-9F0D-02B7354755E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE4CD32-C7B9-46B5-97BD-6B1CAFC1A078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E31A9461-8873-49AD-A0B9-14581AF23224",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E28CD4-EA3C-4C20-8608-183D56E3833B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8730C9E-BB18-4128-8AEB-77B060507798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "89832B21-1715-4AE6-9C3E-54A351B0DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55839AC4-425D-40C1-9D0B-B7E6C4D54A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE5BEE-FEB0-4D87-8CF1-E6A669A23B09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A640540-CC90-4E5F-8A80-732122D29B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC32A55A-519B-4F3F-929B-A87DDE13F4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D548BB67-461B-4DBF-B71C-DC9D82409534",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1D8529F-1C33-4BEE-83BF-4C19A5C79D0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9678E3D4-12FE-43AA-A0DB-737488F6D4F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6084B1DC-60A0-4F5A-925A-927149F0F41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3CA5789-5D2F-41FE-92BF-566BFE58A111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB0781ED-A678-47C3-B105-EEAFC40E9148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADF944DE-EEA9-406B-A8B6-D090C0E461FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "336FDA4D-D341-46FE-91D8-4443177CE2B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F246F94-D890-4151-8D27-478459E2F8D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:theme4press:evolve:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "249C937E-8ED9-4931-99D8-91CF15D05329",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
    },
    {
      "lang": "es",
      "value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el tema EvoLve anteriores a v1.2.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro s."
    }
  ],
  "id": "CVE-2011-3852",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2011-09-28T10:55:03.560",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "URL Repurposed"
      ],
      "url": "https://sitewat.ch/en/Advisories/10"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-3852 (GCVE-0-2011-3852)

Vulnerability from cvelistv5

Published

2011-09-28 10:00

Modified

2024-09-16 18:08

Severity ?

CWE

Summary

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

References

URL

Tags

https://sitewat.ch/en/Advisories/10

x_refsource_MISC