CVE-2018-10102 - OpenCVE

Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/103775
http://www.securitytracker.com/id/1040836
https://codex.wordpress.org/Version_4.9.5
https://core.trac.wordpress.org/changeset/42893
https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html
https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/9055
https://www.debian.org/security/2018/dsa-4193

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-04-14T13:00:00

Updated: 2024-08-05T07:32:01.088Z

Reserved: 2018-04-14T00:00:00

Link: CVE-2018-10102

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-04-16T09:58:09.713

Modified: 2018-05-18T13:50:36.550

Link: CVE-2018-10102

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-05-15T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "103775", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/103775"}, {"tags": ["x_refsource_MISC"], "url": "https://wpvulndb.com/vulnerabilities/9055"}, {"name": "1040836", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040836"}, {"name": "DSA-4193", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4193"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://core.trac.wordpress.org/changeset/42893"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"}, {"name": "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codex.wordpress.org/Version_4.9.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-10102", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "103775", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103775"}, {"name": "https://wpvulndb.com/vulnerabilities/9055", "refsource": "MISC", "url": "https://wpvulndb.com/vulnerabilities/9055"}, {"name": "1040836", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040836"}, {"name": "DSA-4193", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4193"}, {"name": "https://core.trac.wordpress.org/changeset/42893", "refsource": "CONFIRM", "url": "https://core.trac.wordpress.org/changeset/42893"}, {"name": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", "refsource": "CONFIRM", "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"}, {"name": "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html"}, {"name": "https://codex.wordpress.org/Version_4.9.5", "refsource": "CONFIRM", "url": "https://codex.wordpress.org/Version_4.9.5"}, {"name": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d", "refsource": "CONFIRM", "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:32:01.088Z"}, "title": "CVE Program Container", "references": [{"name": "103775", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/103775"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpvulndb.com/vulnerabilities/9055"}, {"name": "1040836", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040836"}, {"name": "DSA-4193", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://core.trac.wordpress.org/changeset/42893"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"}, {"name": "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codex.wordpress.org/Version_4.9.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-10102", "datePublished": "2018-04-14T13:00:00", "dateReserved": "2018-04-14T00:00:00", "dateUpdated": "2024-08-05T07:32:01.088Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*", "matchCriteriaId": "8F03A691-0741-487D-A951-523B04170F4E", "versionEndExcluding": "4.9.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag."}, {"lang": "es", "value": "En versiones anteriores a la 4.9.5 de WordPress, la cadena de versi\u00f3n no se escap\u00f3 en la funci\u00f3n get_the_generator, lo que podr\u00eda conducir a Cross-Site Scripting (XSS) en una etiqueta generator."}], "id": "CVE-2018-10102", "lastModified": "2018-05-18T13:50:36.550", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-04-16T09:58:09.713", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/103775"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1040836"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://codex.wordpress.org/Version_4.9.5"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://core.trac.wordpress.org/changeset/42893"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://wpvulndb.com/vulnerabilities/9055"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2018/dsa-4193"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}