CVE-2011-4955 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bsuite Project	Bsuite

Configuration 1 [-]

OR	cpe:2.3:a:bsuite_project:bsuite::::::wordpress::*
	cpe:2.3:a:bsuite_project:bsuite:5.0:a2::::wordpress::*

No data.

References

Link	Providers
http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611
http://secunia.com/advisories/45234
http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407
http://www.openwall.com/lists/oss-security/2012/04/16/3
http://www.openwall.com/lists/oss-security/2012/04/16/8
https://exchange.xforce.ibmcloud.com/vulnerabilities/68602

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2017-12-20T22:00:00

Updated: 2024-08-07T00:23:38.983Z

Reserved: 2011-12-23T00:00:00

Link: CVE-2011-4955

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-12-20T22:29:00.230

Modified: 2018-01-05T20:43:43.160

Link: CVE-2011-4955

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-20T21:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"name": "bsuite-index-xss(68602)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}, {"name": "45234", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/45234"}, {"name": "[oss-security] 20120416 CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"name": "[oss-security] 20120416 Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4955", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407", "refsource": "CONFIRM", "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"name": "bsuite-index-xss(68602)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}, {"name": "45234", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/45234"}, {"name": "[oss-security] 20120416 CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"name": "[oss-security] 20120416 Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611", "refsource": "CONFIRM", "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:38.983Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"name": "bsuite-index-xss(68602)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}, {"name": "45234", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/45234"}, {"name": "[oss-security] 20120416 CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"name": "[oss-security] 20120416 Re: CVE-request: WordPress-plugin bSuite <=4.0.7 permanent XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4955", "datePublished": "2017-12-20T22:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.983Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bsuite_project:bsuite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "B0172AB9-63B3-40A9-B1F9-BC8FC8858CA7", "versionEndIncluding": "4.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:bsuite_project:bsuite:5.0:a2:*:*:*:wordpress:*:*", "matchCriteriaId": "D7F8C797-3879-4B5D-9F8D-D2076B09FB7F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in the bSuite plugin before 5 alpha 3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s or (2) p parameters to index.php."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en ui_stats.php en el plugin bSuite en versiones anteriores a la 5 alpha 3 para WordPress permite que atacantes remotos inyecten scripts web o HTML arbitrarios mediante los par\u00e1metros (1) s y (2) p en index.php."}], "id": "CVE-2011-4955", "lastModified": "2018-01-05T20:43:43.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-12-20T22:29:00.230", "references": [{"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fbsuite&old=520611&new_path=%2Fbsuite&new=520611"}, {"source": "secalert@redhat.com", "tags": ["Permissions Required"], "url": "http://secunia.com/advisories/45234"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://wordpress.org/support/topic/plugin-bsuite-xss-security-vulnerability-in-407"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/3"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2012/04/16/8"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68602"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}