CVE-2013-5978

🗓️ 11 Dec 2019 18:36:56Reported by mitreType

cve🔗 web.nvd.nist.gov👁 92 Views🌐 WEB

Multiple XSS vulnerabilities in Cart66 Lite plugin for WordPress

Reporter	Title	Published	Views	Family All 15
0day.today	Wordpress Cart66 Plugin 1.5.1.14 - Multiple Vulnerabilities	14 Oct 201300:00	–	zdt
Circl	CVE-2013-5978	14 Oct 201300:00	–	circl
Cvelist	CVE-2013-5978	11 Dec 201918:36	–	cvelist
Exploit DB	WordPress Plugin Cart66 1.5.1.14 - Multiple Vulnerabilities	14 Oct 201300:00	–	exploitdb
EUVD	EUVD-2013-5808	7 Oct 202500:30	–	euvd
exploitpack	WordPress Plugin Cart66 1.5.1.14 - Multiple Vulnerabilities	14 Oct 201300:00	–	exploitpack
NVD	CVE-2013-5978	11 Dec 201919:15	–	nvd
Packet Storm	WordPress Cart66 1.5.1.14 Cross Site Request Forgery / Cross Site Scripting	11 Oct 201300:00	–	packetstorm
Prion	Cross site scripting	11 Dec 201919:15	–	prion
securityvulns	Wordpress Cart66 Plugin 1.5.1.14 Multiple Vulnerabilities	13 Oct 201300:00	–	securityvulns

NVD

Node

cart66 cart66_lite_pluginRange≤1.5.1.14-wordpress

Source	Link
seclists	www.seclists.org/bugtraq/2013/Oct/52
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/87873
archives	www.archives.neohapsis.com/archives/bugtraq/2013-10/0048.html
securityfocus	www.securityfocus.com/bid/62977
packetstormsecurity	www.packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
exploit-db	www.exploit-db.com/exploits/28959
wordpress	www.wordpress.org/plugins/cart66-lite/changelog

Parameter	Position	Path	Description	CWE
cart66-action	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[id]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[name]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[item_number]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[price]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[price_description]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[is_user_price]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[min_price]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[max_price]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79
product[taxable]	request body	wordpress/wp-admin/admin.php?page=cart66-products	CSRF and stored XSS vulnerabilities in Cart66 Lite plugin allow manipulation and injection via POST to the admin page with vulnerable product fields.	CWE-79

21 Nov 2024 01:58Current

6Medium risk

Vulners AI Score6

CVSS 24.3

CVSS 3.16.1

EPSS0.02114

CWE-79