ID CVE-2010-4518 Type cve Reporter NVD Modified 2010-12-18T02:07:04
Description
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
{"assessment": {"system": "", "name": "", "href": ""}, "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "type": "cve", "viewCount": 3, "bulletinFamily": "NVD", "scanner": [], "edition": 1, "cvelist": ["CVE-2010-4518"], "published": "2010-12-09T16:00:02", "objectVersion": "1.2", "history": [], "title": "CVE-2010-4518", "reporter": "NVD", "hash": "94d89e028b73b1dfe92f65eba0be717b6c13a1d7de8bb9a7473c76d95d94f957", "lastseen": "2016-09-03T14:37:26", "id": "CVE-2010-4518", "description": "Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.", "modified": "2010-12-18T02:07:04", "references": ["http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66", "http://www.securityfocus.com/bid/45267"], "cpe": ["cpe:/a:wobeo:wp-safe-search:0.7"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4518", "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2016-09-03T14:37:26"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310801490"]}, {"type": "exploitdb", "idList": ["EDB-ID:35067"]}], "modified": "2016-09-03T14:37:26"}, "vulnersScore": 4.3}}
{"exploitdb": [{"lastseen": "2016-02-04T00:32:11", "bulletinFamily": "exploit", "description": "WordPress Safe Search Plugin 'v1' Parameter Cross Site Scripting Vulnerability. CVE-2010-4518. Webapps exploit for php platform", "modified": "2010-12-08T00:00:00", "published": "2010-12-08T00:00:00", "id": "EDB-ID:35067", "href": "https://www.exploit-db.com/exploits/35067/", "type": "exploitdb", "title": "WordPress Safe Search Plugin 'v1' Parameter - Cross-Site Scripting Vulnerability", "sourceData": "source: http://www.securityfocus.com/bid/45267/info\r\n\r\nThe Safe Search plugin for Wordpress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\r\n\r\nSafe Search 0.7 is vulnerable; other versions may also be affected. 2010-12-08\r\n\r\nhttp://www.example.com/wordpress/wp-content/plugins/wp-safe-search/wp-safe-search-jx.php?v1=%3Cscript%3Ealert(0)%3C/script%3E ", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/35067/"}], "openvas": [{"lastseen": "2018-09-24T18:21:31", "bulletinFamily": "scanner", "description": "This host is running WordPress and is prone to Cross Site\nScripting Vulnerability.", "modified": "2018-09-22T00:00:00", "published": "2010-12-21T00:00:00", "id": "OPENVAS:1361412562310801490", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801490", "title": "WordPress Safe Search Plugin 'v1' Parameter Cross Site Scripting Vulnerability", "type": "openvas", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_wordpress_safe_search_xss_vuln.nasl 11553 2018-09-22 14:22:01Z cfischer $\n#\n# WordPress Safe Search Plugin 'v1' Parameter Cross Site Scripting Vulnerability\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n################################i###############################################\nCPE = \"cpe:/a:wordpress:wordpress\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801490\");\n script_version(\"$Revision: 11553 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 16:22:01 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-21 15:42:46 +0100 (Tue, 21 Dec 2010)\");\n script_cve_id(\"CVE-2010-4518\");\n script_bugtraq_id(45267);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"WordPress Safe Search Plugin 'v1' Parameter Cross Site Scripting Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/42544\");\n script_xref(name:\"URL\", value:\"http://www.johnleitch.net/Vulnerabilities/WordPress.Safe.Search.0.7.Reflected.Cross-site.Scripting/66\");\n\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_category(ACT_ATTACK);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"secpod_wordpress_detect_900182.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"wordpress/installed\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to execute arbitrary\nHTML and script code in a user's browser session in context of an affected site.\");\n script_tag(name:\"affected\", value:\"WordPress Safe Search Plugin 0.7 and prior\");\n script_tag(name:\"insight\", value:\"The input passed to 'v1' parameter in\n'wp-content/plugins/wp-safe-search/wp-safe-search-jx.php' script is not\nproperly sanitised before being returned to the user.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"This host is running WordPress and is prone to Cross Site\nScripting Vulnerability.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ninclude(\"host_details.inc\");\n\n\nwpPort = get_app_port(cpe:CPE);\nif(!wpPort){\n exit(0);\n}\n\nif(!dir = get_app_location(cpe:CPE, port:wpPort))exit(0);\n\nif(dir != NULL)\n{\n sndReq = http_get(item:string(dir, \"/wp-content/plugins/wp-safe-search/\" +\n \"wp-safe-search-jx.php?v1=<script>alert(XSS-Testing)</script>\"), port:wpPort);\n rcvRes = http_send_recv(port:wpPort, data:sndReq);\n if(rcvRes =~ \"HTTP/1\\.. 200\" && \"<script>alert(XSS-Testing)</script>\" >< rcvRes){\n security_message(wpPort);\n }\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
