Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress Bradesco Gateway Cross Site Scripting

🗓️ 23 Sep 2013 00:00:00Reported by Alexandro SilvaType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 36 Views

Bradesco Gateway XSS vulnerability in WordPress plugi

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2013-5916
8 May 201415:00
cve
Cvelist		CVE-2013-5916
8 May 201415:00
cvelist
EUVD		EUVD-2013-5750
7 Oct 202500:30
euvd
NVD		CVE-2013-5916
8 May 201415:55
nvd
OpenVAS		WordPress WP-Ecommerce with Bradesco Gateway 'falha.php' XSS Vulnerability
12 Jun 201400:00
openvas
Patchstack		WordPress Bradesco Gateway Plugin <= 2.0 - XSS
19 Sep 201300:00
patchstack
Prion		Cross site scripting
8 May 201415:55
prion
securityvulns		[IBliss Security Advisory] Cross-site scripting &#40; XSS &#41; in Bradesco gateway wordpress plugin
2 Oct 201300:00
securityvulns
securityvulns		Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2 Oct 201300:00
securityvulns
WPVulnDB		Bradesco - falha.php URI Reflected XSS
1 Aug 201410:59
wpvulndb
Rows per page
`[ Bradesco Gateway Wordpress plugin Cross-site scripting ( XSS ) ]  
  
[ Vendor product description]  
Bradesco Gateway for the WP-Ecommerce plugin.  
  
[ Bug Description ]  
  
Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco  
Gateway plugin before 2.0 for WordPress allows remote attackers to  
inject arbitrary web script or HTML.  
  
  
[ History ]  
  
Advisory sent to vendor on 09/04/2013  
Contact vendor again on 09/13/2013  
Contact vendor again on 09/20/2013  
Advisory sent to Wordpress plugin team on 09/20/2013  
  
[ Impact ]  
HIGH  
  
[ Afected Version ]  
  
2.0  
  
[ Vendor Reply ]  
  
No Vendor team response.  
No Wordpress plugin response.  
  
[ CVE Reference ]  
  
CVE-2013-5916  
  
[ PoC ]  
  
Payload: http://[host]/>  
/wordpress/wp-content/plugins/wp-e-commerce/wpsc-merchants/bradesco-gateway/falha.php?1%3CScRiPt%3Eprompt%28%27XSS%27%29%3C/ScRiPt%3E  
  
[ References ]  
  
[1] Bradesco-gateway -  
http://plugins.svn.wordpress.org/bradesco-gateway/trunk/bradesco-gateway.php  
[2] Owasp Cross-site scripting -  
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)  
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/  
  
--------------------------------------------  
iBliss Segurança e Inteligência - Sponsor: Alexandro Silva - Alexos  
  
alexos (at) ibliss.com (dot) br [email concealed]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Sep 2013 00:00Current
6.6Medium risk
Vulners AI Score6.6
EPSS0.0027
bradesco gatewaycross-site scriptingxsswordpressvulnerabilitycve-2013-5916owasp
36