cnvd - cnvd-2015-02819

CNVD-2015-02819

Vulnerability from cnvd - Published: 2015-04-30

Title

WordPress插件TheCartPress存在多个跨站脚本漏洞

Description

WordPress是WordPress软件基金会的一套使用PHP语言开发的博客平台，该平台支持在PHP和MySQL的服务器上架设个人博客网站。 WordPress插件TheCartPress存在多个跨站脚本漏洞。（1）由于许多用户提供的HTTP POST参数在 "Shipping address"和"Billing address"部分在被存储在本地数据库之前未能过滤，攻击者可以利用漏洞将存储在应用数据库注入恶意HTML和JS代码。（2）由于通过"search_by" GET参数传递到"/wp-admin/admin.php?page=thecartpress/admin/AddressesList.php","address_id", "address_name", "firstname", "lastname", "street", "city", "postcode", "email" GET参数传递到"/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php","post_id"和"rel_type" GET参数传递到"/wp-admin/admin.php?page=thecartpress/admin/AssignedCategoriesList.php"脚本,"post_type" GET参数传递到"/wp-admin/admin.php?page=thecartpress/admin/CustomFieldsList.php"脚本的输入在被返回给用户之前未能正确过滤，远程攻击者可以欺骗登录管理员打开一个特制链接，在受影响浏览器的上下文中执行任意HTML和脚本代码。

Severity

中

Formal description

目前没有详细解决方案提供： http://thecartpress.com/extend/important-note-nota-importante/

Reference

https://www.htbridge.com/advisory/HTB23254

Impacted products

Name
Wordpress TheCartPress Plugin <= 1.3.9

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "74395"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3300"
    }
  },
  "description": "WordPress\u662fWordPress\u8f6f\u4ef6\u57fa\u91d1\u4f1a\u7684\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\uff0c\u8be5\u5e73\u53f0\u652f\u6301\u5728PHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u3002\r\n\r\nWordPress\u63d2\u4ef6TheCartPress\u5b58\u5728\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\r\n\uff081\uff09\u7531\u4e8e\u8bb8\u591a\u7528\u6237\u63d0\u4f9b\u7684HTTP POST\u53c2\u6570\u5728 \"Shipping address\"\u548c\"Billing address\"\u90e8\u5206\u5728\u88ab\u5b58\u50a8\u5728\u672c\u5730\u6570\u636e\u5e93\u4e4b\u524d\u672a\u80fd\u8fc7\u6ee4\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5c06\u5b58\u50a8\u5728\u5e94\u7528\u6570\u636e\u5e93\u6ce8\u5165\u6076\u610fHTML\u548cJS\u4ee3\u7801\u3002\r\n\uff082\uff09\u7531\u4e8e\u901a\u8fc7\"search_by\" GET\u53c2\u6570\u4f20\u9012\u5230\"/wp-admin/admin.php?page=thecartpress/admin/AddressesList.php\",\"address_id\", \"address_name\", \"firstname\", \"lastname\", \"street\", \"city\", \"postcode\", \"email\" GET\u53c2\u6570\u4f20\u9012\u5230\"/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php\",\"post_id\"\u548c\"rel_type\" GET\u53c2\u6570\u4f20\u9012\u5230\"/wp-admin/admin.php?page=thecartpress/admin/AssignedCategoriesList.php\"\u811a\u672c,\"post_type\" GET\u53c2\u6570\u4f20\u9012\u5230\"/wp-admin/admin.php?page=thecartpress/admin/CustomFieldsList.php\"\u811a\u672c\u7684\u8f93\u5165\u5728\u88ab\u8fd4\u56de\u7ed9\u7528\u6237\u4e4b\u524d\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u6b3a\u9a97\u767b\u5f55\u7ba1\u7406\u5458\u6253\u5f00\u4e00\u4e2a\u7279\u5236\u94fe\u63a5\uff0c\u5728\u53d7\u5f71\u54cd\u6d4f\u89c8\u5668\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610fHTML\u548c\u811a\u672c\u4ee3\u7801\u3002",
  "discovererName": "High-Tech Bridge Security Research Lab",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a \r\nhttp://thecartpress.com/extend/important-note-nota-importante/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02819",
  "openTime": "2015-04-30",
  "products": {
    "product": "Wordpress TheCartPress Plugin \u003c= 1.3.9"
  },
  "referenceLink": "https://www.htbridge.com/advisory/HTB23254",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-29",
  "title": "WordPress\u63d2\u4ef6TheCartPress\u5b58\u5728\u591a\u4e2a\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2015-3300 (GCVE-0-2015-3300)

Vulnerability from cvelistv5 – Published: 2015-05-14 14:00 – Updated: 2024-08-06 05:39

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://osvdb.org/show/osvdb/121472	vdb-entryx_refsource_OSVDB
	http://osvdb.org/show/osvdb/121471	vdb-entryx_refsource_OSVDB
	https://www.htbridge.com/advisory/HTB23254	x_refsource_MISC
	https://wordpress.org/plugins/thecartpress/changelog/	x_refsource_CONFIRM
	http://osvdb.org/show/osvdb/121469	vdb-entryx_refsource_OSVDB
	http://packetstormsecurity.com/files/131673/WordP…	x_refsource_MISC
	http://osvdb.org/show/osvdb/121470	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/74395	vdb-entryx_refsource_BID
	https://www.exploit-db.com/exploits/36860/	exploitx_refsource_EXPLOIT-DB
	http://www.securityfocus.com/archive/1/535396/100…	mailing-listx_refsource_BUGTRAQ
	http://osvdb.org/show/osvdb/121438	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "121472",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/121472"
          },
          {
            "name": "121471",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/121471"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.htbridge.com/advisory/HTB23254"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wordpress.org/plugins/thecartpress/changelog/"
          },
          {
            "name": "121469",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/121469"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
          },
          {
            "name": "121470",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/121470"
          },
          {
            "name": "74395",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74395"
          },
          {
            "name": "36860",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/36860/"
          },
          {
            "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
          },
          {
            "name": "121438",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/show/osvdb/121438"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "121472",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/121472"
        },
        {
          "name": "121471",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/121471"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.htbridge.com/advisory/HTB23254"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wordpress.org/plugins/thecartpress/changelog/"
        },
        {
          "name": "121469",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/121469"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
        },
        {
          "name": "121470",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/121470"
        },
        {
          "name": "74395",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74395"
        },
        {
          "name": "36860",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/36860/"
        },
        {
          "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
        },
        {
          "name": "121438",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/show/osvdb/121438"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3300",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "121472",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/121472"
            },
            {
              "name": "121471",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/121471"
            },
            {
              "name": "https://www.htbridge.com/advisory/HTB23254",
              "refsource": "MISC",
              "url": "https://www.htbridge.com/advisory/HTB23254"
            },
            {
              "name": "https://wordpress.org/plugins/thecartpress/changelog/",
              "refsource": "CONFIRM",
              "url": "https://wordpress.org/plugins/thecartpress/changelog/"
            },
            {
              "name": "121469",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/121469"
            },
            {
              "name": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/131673/WordPress-TheCartPress-1.3.9-XSS-Local-File-Inclusion.html"
            },
            {
              "name": "121470",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/121470"
            },
            {
              "name": "74395",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74395"
            },
            {
              "name": "36860",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/36860/"
            },
            {
              "name": "20150429 Multiple Vulnerabilities in TheCartPress WordPress plugin",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535396/100/0/threaded"
            },
            {
              "name": "121438",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/show/osvdb/121438"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3300",
    "datePublished": "2015-05-14T14:00:00",
    "dateReserved": "2015-04-13T00:00:00",
    "dateUpdated": "2024-08-06T05:39:32.134Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-02819

CVE-2015-3300 (GCVE-0-2015-3300)

Tags

Sightings

Nomenclature