ID CVE-2015-9515
Type cve
Reporter cve@mitre.org
Modified 2019-10-25T19:10:00
Description
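The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused. (In WordPress, add_query_arg() does not escape its return value and falls back to the current request URI when no URL is passed, so any URL built with it must go through esc_url() before being output, or esc_url_raw() before being used in a redirect.)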
{"id": "CVE-2015-9515", "bulletinFamily": "NVD", "title": "CVE-2015-9515", "description": "The Easy Digital Downloads (EDD) htaccess Editor extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.", "published": "2019-10-23T17:15:00", "modified": "2019-10-25T19:10:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9515", "reporter": "cve@mitre.org", "references": ["https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"], "cvelist": ["CVE-2015-9515"], "type": "cve", "lastseen": "2020-12-09T20:03:10", "edition": 6, "viewCount": 44, "enchantments": {"dependencies": {"references": [{"type": "wpvulndb", "idList": ["WPVDB-ID:10067"]}], "modified": "2020-12-09T20:03:10", "rev": 2}, "score": {"value": 0.8, "vector": "NONE", "modified": "2020-12-09T20:03:10", "rev": 2}, "vulnersScore": 0.8}, "cpe": ["cpe:/a:easydigitaldownloads:htaccess_editor:-"], "affectedSoftware": [{"cpeName": "easydigitaldownloads:htaccess_editor", "name": "easydigitaldownloads htaccess editor", "operator": "eq", "version": "-"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.2.9"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "1.9.10"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "1.8.7"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.3.7"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads 
easy digital downloads", "operator": "lt", "version": "2.1.11"}, {"cpeName": "easydigitaldownloads:easy_digital_downloads", "name": "easydigitaldownloads easy digital downloads", "operator": "lt", "version": "2.0.5"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:easydigitaldownloads:htaccess_editor:-:*:*:*:*:easy_digital_downloads:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:htaccess_editor:-:*:*:*:*:easy_digital_downloads:*:*", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.2.9:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.1.11:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:1.8.7:*:*:*:*:wordpress:*:*", "versionEndExcluding": 
"1.8.7", "versionStartIncluding": "1.8", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.0.5:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:1.9.10:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:easydigitaldownloads:easy_digital_downloads:2.3.7:*:*:*:*:wordpress:*:*", "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}}
{"wpvulndb": [{"lastseen": "2020-12-20T14:41:37", "bulletinFamily": "software", "cvelist": ["CVE-2015-9505", "CVE-2015-9506", "CVE-2015-9507", "CVE-2015-9508", "CVE-2015-9509", "CVE-2015-9510", "CVE-2015-9511", "CVE-2015-9512", "CVE-2015-9513", "CVE-2015-9514", "CVE-2015-9515", "CVE-2015-9516", "CVE-2015-9517", "CVE-2015-9518", "CVE-2015-9519", "CVE-2015-9520", "CVE-2015-9521", "CVE-2015-9522", "CVE-2015-9523", "CVE-2015-9524", "CVE-2015-9525", "CVE-2015-9526", "CVE-2015-9527", "CVE-2015-9528", "CVE-2015-9529", "CVE-2015-9530", "CVE-2015-9531"], "description": "Some of the extension were also vulnerable, but could not determine their slug/fixed version, such as the edd-amazon-s3 (fixed in ??)\n", "modified": "2020-09-22T08:26:07", "published": "2015-04-20T00:00:00", "id": "WPVDB-ID:10067", "href": "https://wpvulndb.com/vulnerabilities/10067", "type": "wpvulndb", "title": "Multiple Easy Digital Downloads Plugins - Cross-Site Scripting Issue", "sourceData": "", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}