Lucene search

K
cveMitreCVE-2018-11568
HistoryMay 30, 2018 - 10:29 p.m.

CVE-2018-11568

2018-05-3022:29:00
CWE-79
mitre
web.nvd.nist.gov
22
cve
2018
11568
reflected xss
gameplan
wordpress
theme
input sanitization

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.8%

Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the ‘<’ and ‘>’ characters have < and > representations.

Affected configurations

Nvd
Node
cactusthemesgameplan-event_and_gym_fitnessRange1.5.13.2wordpress
VendorProductVersionCPE
cactusthemesgameplan-event_and_gym_fitness*cpe:2.3:a:cactusthemes:gameplan-event_and_gym_fitness:*:*:*:*:*:wordpress:*:*

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

39.8%

Related for CVE-2018-11568