{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2009-10004", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-04-08T15:16:29.577Z", "datePublished": "2023-04-09T23:31:03.075Z", "dateUpdated": "2024-08-07T07:32:23.886Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-12T08:18:22.142Z"}, "title": "Turante Sandbox Theme functions.php sandbox_body_class cross site scripting", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Cross Site Scripting"}]}], "affected": [{"vendor": "Turante", "product": "Sandbox Theme", "versions": [{"version": "1.5.0", "status": "affected"}, {"version": "1.5.1", "status": "affected"}, {"version": "1.5.2", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Turante Sandbox Theme bis 1.5.2 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion sandbox_body_class der Datei functions.php. Dank der Manipulation des Arguments page mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 1.6.1 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 8045b1e10970342f558b2c5f360e0bd135af2b10 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 3.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.5, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}], "timeline": [{"time": "2023-04-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-04-08T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-04-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-04-26T11:27:42.000Z", "lang": "en", "value": "VulDB last update"}], "credits": [{"lang": "en", "value": "VulDB GitHub Commit Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.225357", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.225357", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10", "tags": ["patch"]}, {"url": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1", "tags": ["patch"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:32:23.886Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.225357", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.225357", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10", "tags": ["patch", "x_transferred"]}, {"url": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1", "tags": ["patch", "x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sandbox_theme_project:sandbox_theme:*:*:*:*:*:*:*:*", "matchCriteriaId": "C034C981-14C0-4986-BED0-D7950C72E738", "versionEndExcluding": "1.6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.6.1 is able to address this issue. The identifier of the patch is 8045b1e10970342f558b2c5f360e0bd135af2b10. It is recommended to upgrade the affected component. The identifier VDB-225357 was assigned to this vulnerability."}], "id": "CVE-2009-10004", "lastModified": "2024-11-21T01:01:26.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-10T00:15:08.113", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.225357"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.225357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/Turante/sandbox-theme/commit/8045b1e10970342f558b2c5f360e0bd135af2b10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/Turante/sandbox-theme/releases/tag/1.6.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.225357"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.225357"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{}