fkie_nvd - fkie_cve-2013-3645

fkie_cve-2013-3645

Vulnerability from fkie_nvd

Published

2013-06-14 13:07

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	http://docs.orchardproject.net/Documentation/Patch-4-30-2013	Patch, Vendor Advisory
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN53622030/index.html
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057
af854a3a-2127-422b-91ae-364da2661108	http://docs.orchardproject.net/Documentation/Patch-4-30-2013	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN53622030/index.html
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057

Impacted products

Vendor	Product	Version
orchardproject	orchard	*
orchardproject	orchard	0.1
orchardproject	orchard	0.5
orchardproject	orchard	0.8
orchardproject	orchard	0.9
orchardproject	orchard	1.0
orchardproject	orchard	1.1
orchardproject	orchard	1.2
orchardproject	orchard	1.3
orchardproject	orchard	1.4
orchardproject	orchard	1.5
orchardproject	orchard	1.5.1
orchardproject	orchard	1.41
orchardproject	orchard	1.42

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "539E782C-A237-431A-8C40-CF4349DACD65",
              "versionEndIncluding": "1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCD2EE9-D3F1-48C7-B180-B180E939F00B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "82610413-EBE7-4319-B63E-8E9B237DA790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BD0A43E-2EA3-4A68-96BB-0A981F635D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86C15D0-3FFA-4FAE-B4D6-B5180D061BDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "822D03B1-1FC6-43BA-B031-EE622E8AAB16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6F6CC14-867D-4573-B0FB-7FD6D82F1100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BFA6EB5-13A9-4D08-9228-AC5856BC4624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4467A8-D305-41BE-BE2E-AD8C57C73E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF210DB9-188F-4FD9-A6F8-7E0259351F5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5C8ABA-ABC7-4189-844D-A452896FCE28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AFDD1A-F50C-4483-8D7D-7F27A9AD24A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B98296-A6AB-497B-818F-255D0923FD2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:orchardproject:orchard:1.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F93115C-7B9E-4F19-AF1F-C12201909FDE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en el m\u00f3dulo Orchard.Comments en Orchard anterior a 1.6.1, permite a atacantes remotos inyectar secuencias arbitrarias de comandos web o HTML a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2013-3645",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-06-14T13:07:29.643",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvn.jp/en/jp/JVN53622030/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://docs.orchardproject.net/Documentation/Patch-4-30-2013"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/en/jp/JVN53622030/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000057"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-3645 (GCVE-0-2013-3645)

Vulnerability from cvelistv5

Published

2013-06-14 10:00