CVE-2011-4955 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Bsuite Project	Bsuite

Configuration 1 [-]

OR	cpe:2.3:a:bsuite_project:bsuite::::::wordpress::*
	cpe:2.3:a:bsuite_project:bsuite:5.0:a2::::wordpress::*

References

Link	Resource
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611	Broken Link
http://secunia.com/advisories/45234	Permissions Required
http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/16/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/04/16/8	Mailing List Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68602	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-12-20T22:00:00

Updated: 2017-12-20T21:57:01

Reserved: 2011-12-23T00:00:00

Link: CVE-2011-4955

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-12-20T22:29:00.230

Modified: 2018-01-05T20:43:43.160

Link: CVE-2011-4955

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-20T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"name": "bsuite-index-xss(68602)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}, {"name": "45234", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45234"}, {"name": "[oss-security] 20120416 CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"name": "[oss-security] 20120416 Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4955", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407", "refsource": "CONFIRM", "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"name": "bsuite-index-xss(68602)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}, {"name": "45234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45234"}, {"name": "[oss-security] 20120416 CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"name": "[oss-security] 20120416 Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4955", "datePublished": "2017-12-20T22:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2017-12-20T21:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bsuite_project:bsuite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B0172AB9-63B3-40A9-B1F9-BC8FC8858CA7", "versionEndIncluding": "4.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bsuite_project:bsuite:5.0:a2:*:*:*:wordpress:*:*", "matchCriteriaId": "D7F8C797-3879-4B5D-9F8D-D2076B09FB7F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en ui_stats.php en el plugin bSuite en versiones anteriores a la 5 alpha 3 para WordPress permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante los par\u00e1metros (1) s y (2) p en index.php."}], "id": "CVE-2011-4955", "lastModified": "2018-01-05T20:43:43.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-20T22:29:00.230", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://secunia.com/advisories/45234"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}