Lucene search

[email protected]CVE-2013-3529

HistoryMay 10, 2013 - 9:55 p.m.

CVE-2013-3529

2013-05-1021:55:02

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-3529

cross-site scripting

xss

vulnerabilities

wp funeralpress

obits.php

nvd

security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter.

Affected configurations

NVD

Node

smartypantspluginswp-funeral-pressRange≤1.1.6

smartypantspluginswp-funeral-pressMatch1.0.1

smartypantspluginswp-funeral-pressMatch1.0.2

smartypantspluginswp-funeral-pressMatch1.0.3

smartypantspluginswp-funeral-pressMatch1.0.4

smartypantspluginswp-funeral-pressMatch1.0.5

smartypantspluginswp-funeral-pressMatch1.0.7

smartypantspluginswp-funeral-pressMatch1.0.9

smartypantspluginswp-funeral-pressMatch1.1.0

smartypantspluginswp-funeral-pressMatch1.1.2

smartypantspluginswp-funeral-pressMatch1.1.3

smartypantspluginswp-funeral-pressMatch1.1.4

AND

wordpresswordpressMatch-

CPENameOperatorVersion
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-pressle1.1.6
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.1
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.2
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.3
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.4
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.5
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.7
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.0.9
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.1.0
smartypantsplugins:wp-funeral-presssmartypantsplugins wp-funeral-presseq1.1.2

CPE	Name	Operator	Version
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	le	1.1.6
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.1
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.2
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.3
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.4
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.5
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.7
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.0.9
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.1.0
smartypantsplugins:wp-funeral-press	smartypantsplugins wp-funeral-press	eq	1.1.2

Rows per page:

1-10 of 121

References

packetstormsecurity.com/files/121030/WordPress-FuneralPress-1.1.6-Cross-Site-Scripting.html

plugins.trac.wordpress.org/changeset?old_path=%2Fwp-funeral-press&old=690038&new_path=%2Fwp-funeral-press&new=690038

seclists.org/fulldisclosure/2013/Mar/282

secunia.com/advisories/52809

wordpress.org/extend/plugins/wp-funeral-press/changelog/

www.exploit-db.com/exploits/24914

www.securityfocus.com/bid/58790

exchange.xforce.ibmcloud.com/vulnerabilities/83188

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.1%

JSON

Related for CVE-2013-3529

wpvulndb1 prion1 cvelist1 patchstack1 nvd1