fkie_cve-2011-3852
Vulnerability from fkie_nvd
Published
2011-09-28 10:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://sitewat.ch/en/Advisories/10 | Exploit, URL Repurposed | |
| af854a3a-2127-422b-91ae-364da2661108 | https://sitewat.ch/en/Advisories/10 | Exploit, URL Repurposed |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| theme4press | evolve | * | |
| theme4press | evolve | 1.0 | |
| theme4press | evolve | 1.0.0 | |
| theme4press | evolve | 1.0.1 | |
| theme4press | evolve | 1.0.2 | |
| theme4press | evolve | 1.0.3 | |
| theme4press | evolve | 1.0.4 | |
| theme4press | evolve | 1.0.5 | |
| theme4press | evolve | 1.0.6 | |
| theme4press | evolve | 1.0.7 | |
| theme4press | evolve | 1.0.8 | |
| theme4press | evolve | 1.0.9 | |
| theme4press | evolve | 1.1.0 | |
| theme4press | evolve | 1.1.1 | |
| theme4press | evolve | 1.1.2 | |
| theme4press | evolve | 1.1.3 | |
| theme4press | evolve | 1.1.4 | |
| theme4press | evolve | 1.1.5 | |
| theme4press | evolve | 1.1.6 | |
| theme4press | evolve | 1.1.7 | |
| theme4press | evolve | 1.1.8 | |
| theme4press | evolve | 1.1.9 | |
| theme4press | evolve | 1.2.0 | |
| theme4press | evolve | 1.2.1 | |
| theme4press | evolve | 1.2.2 | |
| theme4press | evolve | 1.2.3 | |
| theme4press | evolve | 1.2.4 | |
| wordpress | wordpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:theme4press:evolve:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19E1566F-4C11-4AB4-B5A7-3FD41C33B01B",
"versionEndIncluding": "1.2.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074ACB6C-AD44-4D54-BCDE-50F6D8528483",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D12239-CD27-43E1-BA98-1C47EBB86FDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7739CF1C-DDFA-4B23-8831-2DE6ABA645E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59944B57-E62D-42CF-AA87-107330FC2157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1073E640-2789-485A-8C00-A984D5741B19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0DCD7394-C1D3-4AAF-811D-63E04E7D4D3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AB01A1EC-BF00-4750-9F0D-02B7354755E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE4CD32-C7B9-46B5-97BD-6B1CAFC1A078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E31A9461-8873-49AD-A0B9-14581AF23224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E28CD4-EA3C-4C20-8608-183D56E3833B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B8730C9E-BB18-4128-8AEB-77B060507798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "89832B21-1715-4AE6-9C3E-54A351B0DEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55839AC4-425D-40C1-9D0B-B7E6C4D54A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4EE5BEE-FEB0-4D87-8CF1-E6A669A23B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A640540-CC90-4E5F-8A80-732122D29B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CC32A55A-519B-4F3F-929B-A87DDE13F4BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D548BB67-461B-4DBF-B71C-DC9D82409534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C1D8529F-1C33-4BEE-83BF-4C19A5C79D0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9678E3D4-12FE-43AA-A0DB-737488F6D4F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6084B1DC-60A0-4F5A-925A-927149F0F41F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F3CA5789-5D2F-41FE-92BF-566BFE58A111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AB0781ED-A678-47C3-B105-EEAFC40E9148",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF944DE-EEA9-406B-A8B6-D090C0E461FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "336FDA4D-D341-46FE-91D8-4443177CE2B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8F246F94-D890-4151-8D27-478459E2F8D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:theme4press:evolve:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "249C937E-8ED9-4931-99D8-91CF15D05329",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*",
"matchCriteriaId": "847DA578-4655-477E-8A6F-99FBE738E4F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter."
},
{
"lang": "es",
"value": "vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en el tema EvoLve anteriores a v1.2.6 para WordPress, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro s."
}
],
"id": "CVE-2011-3852",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-09-28T10:55:03.560",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "https://sitewat.ch/en/Advisories/10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"URL Repurposed"
],
"url": "https://sitewat.ch/en/Advisories/10"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…