github - ghsa-93gm-4q6q-xv6c

ghsa-93gm-4q6q-xv6c

Vulnerability from github

Published

2024-04-08 15:30

Modified

2024-04-08 15:30

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-10006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T13:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability.",
  "id": "GHSA-93gm-4q6q-xv6c",
  "modified": "2024-04-08T15:30:32Z",
  "published": "2024-04-08T15:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-10006"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
    },
    {
      "type": "WEB",
      "url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.259629"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.259629"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2011-10006 (GCVE-0-2011-10006)

Vulnerability from cvelistv5

Published

2024-04-08 13:00

Modified

2024-08-07 00:30

Severity ?

3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-79 - Cross Site Scripting

Summary

References

▼	URL	Tags
	https://vuldb.com/?id.259629	vdb-entry
	https://vuldb.com/?ctiid.259629	signature, permissions-required
	https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a	patch
	https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132	patch
	https://github.com/wp-plugins/wp-postratings/releases/tag/1.65	patch

Impacted products

	Vendor	Product	Version
	GamerZ	WP-PostRatings	Version: 1.0 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.13 Version: 1.14 Version: 1.15 Version: 1.16 Version: 1.17 Version: 1.18 Version: 1.19 Version: 1.20 Version: 1.21 Version: 1.22 Version: 1.23 Version: 1.24 Version: 1.25 Version: 1.26 Version: 1.27 Version: 1.28 Version: 1.29 Version: 1.30 Version: 1.31 Version: 1.32 Version: 1.33 Version: 1.34 Version: 1.35 Version: 1.36 Version: 1.37 Version: 1.38 Version: 1.39 Version: 1.40 Version: 1.41 Version: 1.42 Version: 1.43 Version: 1.44 Version: 1.45 Version: 1.46 Version: 1.47 Version: 1.48 Version: 1.49 Version: 1.50 Version: 1.51 Version: 1.52 Version: 1.53 Version: 1.54 Version: 1.55 Version: 1.56 Version: 1.57 Version: 1.58 Version: 1.59 Version: 1.60 Version: 1.61 Version: 1.62 Version: 1.63 Version: 1.64

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2011-10006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T17:28:10.894549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:37.804Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:30:46.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-259629 | GamerZ WP-PostRatings wp-postratings.php cross site scripting",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.259629"
          },
          {
            "name": "VDB-259629 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.259629"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WP-PostRatings",
          "vendor": "GamerZ",
          "versions": [
            {
              "status": "affected",
              "version": "1.0"
            },
            {
              "status": "affected",
              "version": "1.1"
            },
            {
              "status": "affected",
              "version": "1.2"
            },
            {
              "status": "affected",
              "version": "1.3"
            },
            {
              "status": "affected",
              "version": "1.4"
            },
            {
              "status": "affected",
              "version": "1.5"
            },
            {
              "status": "affected",
              "version": "1.6"
            },
            {
              "status": "affected",
              "version": "1.7"
            },
            {
              "status": "affected",
              "version": "1.8"
            },
            {
              "status": "affected",
              "version": "1.9"
            },
            {
              "status": "affected",
              "version": "1.10"
            },
            {
              "status": "affected",
              "version": "1.11"
            },
            {
              "status": "affected",
              "version": "1.12"
            },
            {
              "status": "affected",
              "version": "1.13"
            },
            {
              "status": "affected",
              "version": "1.14"
            },
            {
              "status": "affected",
              "version": "1.15"
            },
            {
              "status": "affected",
              "version": "1.16"
            },
            {
              "status": "affected",
              "version": "1.17"
            },
            {
              "status": "affected",
              "version": "1.18"
            },
            {
              "status": "affected",
              "version": "1.19"
            },
            {
              "status": "affected",
              "version": "1.20"
            },
            {
              "status": "affected",
              "version": "1.21"
            },
            {
              "status": "affected",
              "version": "1.22"
            },
            {
              "status": "affected",
              "version": "1.23"
            },
            {
              "status": "affected",
              "version": "1.24"
            },
            {
              "status": "affected",
              "version": "1.25"
            },
            {
              "status": "affected",
              "version": "1.26"
            },
            {
              "status": "affected",
              "version": "1.27"
            },
            {
              "status": "affected",
              "version": "1.28"
            },
            {
              "status": "affected",
              "version": "1.29"
            },
            {
              "status": "affected",
              "version": "1.30"
            },
            {
              "status": "affected",
              "version": "1.31"
            },
            {
              "status": "affected",
              "version": "1.32"
            },
            {
              "status": "affected",
              "version": "1.33"
            },
            {
              "status": "affected",
              "version": "1.34"
            },
            {
              "status": "affected",
              "version": "1.35"
            },
            {
              "status": "affected",
              "version": "1.36"
            },
            {
              "status": "affected",
              "version": "1.37"
            },
            {
              "status": "affected",
              "version": "1.38"
            },
            {
              "status": "affected",
              "version": "1.39"
            },
            {
              "status": "affected",
              "version": "1.40"
            },
            {
              "status": "affected",
              "version": "1.41"
            },
            {
              "status": "affected",
              "version": "1.42"
            },
            {
              "status": "affected",
              "version": "1.43"
            },
            {
              "status": "affected",
              "version": "1.44"
            },
            {
              "status": "affected",
              "version": "1.45"
            },
            {
              "status": "affected",
              "version": "1.46"
            },
            {
              "status": "affected",
              "version": "1.47"
            },
            {
              "status": "affected",
              "version": "1.48"
            },
            {
              "status": "affected",
              "version": "1.49"
            },
            {
              "status": "affected",
              "version": "1.50"
            },
            {
              "status": "affected",
              "version": "1.51"
            },
            {
              "status": "affected",
              "version": "1.52"
            },
            {
              "status": "affected",
              "version": "1.53"
            },
            {
              "status": "affected",
              "version": "1.54"
            },
            {
              "status": "affected",
              "version": "1.55"
            },
            {
              "status": "affected",
              "version": "1.56"
            },
            {
              "status": "affected",
              "version": "1.57"
            },
            {
              "status": "affected",
              "version": "1.58"
            },
            {
              "status": "affected",
              "version": "1.59"
            },
            {
              "status": "affected",
              "version": "1.60"
            },
            {
              "status": "affected",
              "version": "1.61"
            },
            {
              "status": "affected",
              "version": "1.62"
            },
            {
              "status": "affected",
              "version": "1.63"
            },
            {
              "status": "affected",
              "version": "1.64"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "tool",
          "value": "VulDB GitHub Commit Analyzer"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.65 is able to address this issue. The identifier of the patch is 6182a5682b12369ced0becd3b505439ce2eb8132. It is recommended to upgrade the affected component. The identifier VDB-259629 was assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in GamerZ WP-PostRatings bis 1.64 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen hiervon ist ein unbekannter Ablauf der Datei wp-postratings.php. Durch das Manipulieren mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Ein Aktualisieren auf die Version 1.65 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 6182a5682b12369ced0becd3b505439ce2eb8132 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-08T13:00:05.786Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-259629 | GamerZ WP-PostRatings wp-postratings.php cross site scripting",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://vuldb.com/?id.259629"
        },
        {
          "name": "VDB-259629 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.259629"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/wp-postratings/commit/dcc68d03693152eba14d6fb33ba42528ff60e06a"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/wp-postratings/commit/6182a5682b12369ced0becd3b505439ce2eb8132"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/wp-plugins/wp-postratings/releases/tag/1.65"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2011-02-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2011-02-17T00:00:00.000Z",
          "value": "Countermeasure disclosed"
        },
        {
          "lang": "en",
          "time": "2024-04-07T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-04-07T11:46:12.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "GamerZ WP-PostRatings wp-postratings.php cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2011-10006",
    "datePublished": "2024-04-08T13:00:05.786Z",
    "dateReserved": "2024-04-07T09:40:51.546Z",
    "dateUpdated": "2024-08-07T00:30:46.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted