cvelistv5 - cve-2013-3487

CVE-2013-3487 (GCVE-0-2013-3487)

Vulnerability from cvelistv5 – Published: 2014-03-03 16:00 – Updated: 2024-08-06 16:14

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.

Severity ?

No CVSS data available.

CWE

Assigner

flexera

References

URL

Tags

	http://secunia.com/advisories/53614	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/61583	vdb-entryx_refsource_BID
	http://osvdb.org/95928	vdb-entryx_refsource_OSVDB
	http://wordpress.org/plugins/bulletproof-security…	x_refsource_CONFIRM
	http://osvdb.org/95930	vdb-entryx_refsource_OSVDB
	http://osvdb.org/95929	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:14:54.629Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53614",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/53614"
          },
          {
            "name": "wp-bulletproofsecurity-cve20133487-xss(86160)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
          },
          {
            "name": "61583",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61583"
          },
          {
            "name": "95928",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95928"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
          },
          {
            "name": "95930",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95930"
          },
          {
            "name": "95929",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/95929"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "name": "53614",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/53614"
        },
        {
          "name": "wp-bulletproofsecurity-cve20133487-xss(86160)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
        },
        {
          "name": "61583",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61583"
        },
        {
          "name": "95928",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95928"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
        },
        {
          "name": "95930",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95930"
        },
        {
          "name": "95929",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/95929"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2013-3487",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53614",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/53614"
            },
            {
              "name": "wp-bulletproofsecurity-cve20133487-xss(86160)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
            },
            {
              "name": "61583",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61583"
            },
            {
              "name": "95928",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95928"
            },
            {
              "name": "http://wordpress.org/plugins/bulletproof-security/changelog",
              "refsource": "CONFIRM",
              "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
            },
            {
              "name": "95930",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95930"
            },
            {
              "name": "95929",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/95929"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2013-3487",
    "datePublished": "2014-03-03T16:00:00",
    "dateReserved": "2013-05-07T00:00:00",
    "dateUpdated": "2024-08-06T16:14:54.629Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \".48.9\", \"matchCriteriaId\": \"726C98B9-95EB-4B38-8920-676166F82D7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3D2AEC61-3532-4CF2-9D42-F2A5A7017FA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8BD3B7D-4630-4635-9C8C-E80C74E62873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9073809F-746B-4E9F-B82D-CDAC191D1A09\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0EE3A24-8EE4-458E-823F-0AFCA7A75358\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A83913B-0F8C-4CA9-8D6D-679451915CEB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.45.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09285189-F46A-4AF8-B67A-979CAA1E7A74\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0DDDDD54-36AA-4EEE-98C6-85CA04340AD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90D98BFA-5C4D-40EE-A220-EE3B4E7AB5A6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"249104CC-B3B0-46EA-BEF8-3FBAB8A2F8C9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B45882E8-4C83-47EC-A72C-9853B7DB2FD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB785C1F-388F-4A6C-ABD1-21F22049DA96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8378071-6297-493C-9F04-96DE7092F6EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB27728E-3E4C-4FD8-A2E2-8A3AA92FC4B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"99E27B4A-0B71-4F5F-B701-2F4A45CBAE06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0136668-A50D-4B7C-946F-37251CF96512\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.46.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B644E32B-30B4-4816-BBC4-9DC1C856AC85\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B7A4697-592E-49F6-A3C9-A152038DDB4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA60BA90-5500-42B7-847D-1EC5A5EF18BB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A4B82D02-DE66-4B73-B6E7-803A967C8DC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00F25E6F-95CC-437C-A35F-3C85088BC1A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B97E0878-ED0A-418C-A9F6-8127C2575413\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B4B544-A222-49E2-B20D-C41CA57A10FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8EF131CA-5C85-4B4B-9A56-61C47AAEFB08\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F8CFD0B-34A2-42CC-9840-0DE073829F99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3F6C7B6-2188-4D8F-9013-6A8B5BCCDC1D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.47.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B5B3CF5D-C559-4D3E-BF8C-CD47EB7CBA78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21840A8F-2D72-4A3A-858E-3387A5ACEC18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10D9A68B-52C1-4F4F-A540-AC28B3FB4934\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55A9395E-C31C-4467-BC44-8ABC6EE242AC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25FBFC8F-5DD0-479C-B027-00CBA1DA065B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2130F713-886B-41FD-9BE6-B06169C15165\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4E20DD3-AE98-44C9-958C-594FE9BFBF41\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"84A25C2D-D414-46A9-8553-C2276FAED0FC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E64FA5F-33B8-495E-BD22-EC4FD38CAA9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ait-pro:bulletproof-security:.48.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"321178F1-1DBB-4D81-ACF6-BE3892BC0D58\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A77EB0E7-7FA7-4232-97DF-7C7587D163F1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de XSS en el registro log de seguridad en el plugin BulletProof Security anterior a .49 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\\u00e9s de campos de cabecera HTML no especificados hacia (1) 400.php, (2) 403.php o (3) 403.php.\"}]",
      "id": "CVE-2013-3487",
      "lastModified": "2024-11-21T01:53:44.163",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2014-03-03T16:55:03.977",
      "references": "[{\"url\": \"http://osvdb.org/95928\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://osvdb.org/95929\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://osvdb.org/95930\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://secunia.com/advisories/53614\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wordpress.org/plugins/bulletproof-security/changelog\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://www.securityfocus.com/bid/61583\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/86160\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"http://osvdb.org/95928\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/95929\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://osvdb.org/95930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/53614\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://wordpress.org/plugins/bulletproof-security/changelog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/61583\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/86160\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3487\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2014-03-03T16:55:03.977\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de XSS en el registro log de seguridad en el plugin BulletProof Security anterior a .49 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos de cabecera HTML no especificados hacia (1) 400.php, (2) 403.php o (3) 403.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\".48.9\",\"matchCriteriaId\":\"726C98B9-95EB-4B38-8920-676166F82D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D2AEC61-3532-4CF2-9D42-F2A5A7017FA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8BD3B7D-4630-4635-9C8C-E80C74E62873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9073809F-746B-4E9F-B82D-CDAC191D1A09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0EE3A24-8EE4-458E-823F-0AFCA7A75358\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A83913B-0F8C-4CA9-8D6D-679451915CEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.45.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09285189-F46A-4AF8-B67A-979CAA1E7A74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0DDDDD54-36AA-4EEE-98C6-85CA04340AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90D98BFA-5C4D-40EE-A220-EE3B4E7AB5A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"249104CC-B3B0-46EA-BEF8-3FBAB8A2F8C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B45882E8-4C83-47EC-A72C-9853B7DB2FD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB785C1F-388F-4A6C-ABD1-21F22049DA96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8378071-6297-493C-9F04-96DE7092F6EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB27728E-3E4C-4FD8-A2E2-8A3AA92FC4B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"99E27B4A-0B71-4F5F-B701-2F4A45CBAE06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0136668-A50D-4B7C-946F-37251CF96512\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.46.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B644E32B-30B4-4816-BBC4-9DC1C856AC85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B7A4697-592E-49F6-A3C9-A152038DDB4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA60BA90-5500-42B7-847D-1EC5A5EF18BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4B82D02-DE66-4B73-B6E7-803A967C8DC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00F25E6F-95CC-437C-A35F-3C85088BC1A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B97E0878-ED0A-418C-A9F6-8127C2575413\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B4B544-A222-49E2-B20D-C41CA57A10FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8EF131CA-5C85-4B4B-9A56-61C47AAEFB08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F8CFD0B-34A2-42CC-9840-0DE073829F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F6C7B6-2188-4D8F-9013-6A8B5BCCDC1D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.47.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5B3CF5D-C559-4D3E-BF8C-CD47EB7CBA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21840A8F-2D72-4A3A-858E-3387A5ACEC18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10D9A68B-52C1-4F4F-A540-AC28B3FB4934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55A9395E-C31C-4467-BC44-8ABC6EE242AC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25FBFC8F-5DD0-479C-B027-00CBA1DA065B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2130F713-886B-41FD-9BE6-B06169C15165\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4E20DD3-AE98-44C9-958C-594FE9BFBF41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84A25C2D-D414-46A9-8553-C2276FAED0FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E64FA5F-33B8-495E-BD22-EC4FD38CAA9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ait-pro:bulletproof-security:.48.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"321178F1-1DBB-4D81-ACF6-BE3892BC0D58\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A77EB0E7-7FA7-4232-97DF-7C7587D163F1\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/95928\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://osvdb.org/95929\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://osvdb.org/95930\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://secunia.com/advisories/53614\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wordpress.org/plugins/bulletproof-security/changelog\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://www.securityfocus.com/bid/61583\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/86160\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"http://osvdb.org/95928\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/95929\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://osvdb.org/95930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/53614\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://wordpress.org/plugins/bulletproof-security/changelog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/61583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/86160\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2013-3487

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-3487

Aliases

CVE-2013-3487

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3487",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.",
    "id": "GSD-2013-3487"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3487"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.",
      "id": "GSD-2013-3487",
      "modified": "2023-12-13T01:22:23.046044Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2013-3487",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "53614",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/53614"
          },
          {
            "name": "wp-bulletproofsecurity-cve20133487-xss(86160)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
          },
          {
            "name": "61583",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/61583"
          },
          {
            "name": "95928",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/95928"
          },
          {
            "name": "http://wordpress.org/plugins/bulletproof-security/changelog",
            "refsource": "CONFIRM",
            "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
          },
          {
            "name": "95930",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/95930"
          },
          {
            "name": "95929",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/95929"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": ".48.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.45.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.48.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.47:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.9:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:ait-pro:bulletproof-security:.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2013-3487"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "95930",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/95930"
            },
            {
              "name": "95929",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/95929"
            },
            {
              "name": "53614",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/53614"
            },
            {
              "name": "61583",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/61583"
            },
            {
              "name": "http://wordpress.org/plugins/bulletproof-security/changelog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
            },
            {
              "name": "95928",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/95928"
            },
            {
              "name": "wp-bulletproofsecurity-cve20133487-xss(86160)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2014-03-03T16:55Z"
    }
  }
}

GHSA-J4XV-V7GM-QJ5Q

Vulnerability from github – Published: 2022-05-17 01:34 – Updated: 2022-05-17 01:34

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3487"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-03-03T16:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.",
  "id": "GHSA-j4xv-v7gm-qj5q",
  "modified": "2022-05-17T01:34:46Z",
  "published": "2022-05-17T01:34:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3487"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/95928"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/95929"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/95930"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/53614"
    },
    {
      "type": "WEB",
      "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/61583"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-3487

Vulnerability from fkie_nvd - Published: 2014-03-03 16:55 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	http://osvdb.org/95928
PSIRT-CNA@flexerasoftware.com	http://osvdb.org/95929
PSIRT-CNA@flexerasoftware.com	http://osvdb.org/95930
PSIRT-CNA@flexerasoftware.com	http://secunia.com/advisories/53614	Vendor Advisory
PSIRT-CNA@flexerasoftware.com	http://wordpress.org/plugins/bulletproof-security/changelog
PSIRT-CNA@flexerasoftware.com	http://www.securityfocus.com/bid/61583
PSIRT-CNA@flexerasoftware.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95928
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95929
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/95930
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/53614	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://wordpress.org/plugins/bulletproof-security/changelog
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61583
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86160

Impacted products

Vendor	Product	Version
ait-pro	bulletproof-security	*
ait-pro	bulletproof-security	.45.4
ait-pro	bulletproof-security	.45.5
ait-pro	bulletproof-security	.45.6
ait-pro	bulletproof-security	.45.7
ait-pro	bulletproof-security	.45.8
ait-pro	bulletproof-security	.45.9
ait-pro	bulletproof-security	.46
ait-pro	bulletproof-security	.46.1
ait-pro	bulletproof-security	.46.2
ait-pro	bulletproof-security	.46.3
ait-pro	bulletproof-security	.46.4
ait-pro	bulletproof-security	.46.5
ait-pro	bulletproof-security	.46.6
ait-pro	bulletproof-security	.46.7
ait-pro	bulletproof-security	.46.8
ait-pro	bulletproof-security	.46.9
ait-pro	bulletproof-security	.47
ait-pro	bulletproof-security	.47.1
ait-pro	bulletproof-security	.47.2
ait-pro	bulletproof-security	.47.3
ait-pro	bulletproof-security	.47.4
ait-pro	bulletproof-security	.47.5
ait-pro	bulletproof-security	.47.6
ait-pro	bulletproof-security	.47.7
ait-pro	bulletproof-security	.47.8
ait-pro	bulletproof-security	.47.9
ait-pro	bulletproof-security	.48
ait-pro	bulletproof-security	.48.1
ait-pro	bulletproof-security	.48.2
ait-pro	bulletproof-security	.48.3
ait-pro	bulletproof-security	.48.4
ait-pro	bulletproof-security	.48.5
ait-pro	bulletproof-security	.48.6
ait-pro	bulletproof-security	.48.7
ait-pro	bulletproof-security	.48.8
wordpress	wordpress	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "726C98B9-95EB-4B38-8920-676166F82D7F",
              "versionEndIncluding": ".48.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2AEC61-3532-4CF2-9D42-F2A5A7017FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD3B7D-4630-4635-9C8C-E80C74E62873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9073809F-746B-4E9F-B82D-CDAC191D1A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0EE3A24-8EE4-458E-823F-0AFCA7A75358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A83913B-0F8C-4CA9-8D6D-679451915CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09285189-F46A-4AF8-B67A-979CAA1E7A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDDD54-36AA-4EEE-98C6-85CA04340AD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D98BFA-5C4D-40EE-A220-EE3B4E7AB5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "249104CC-B3B0-46EA-BEF8-3FBAB8A2F8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45882E8-4C83-47EC-A72C-9853B7DB2FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB785C1F-388F-4A6C-ABD1-21F22049DA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8378071-6297-493C-9F04-96DE7092F6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB27728E-3E4C-4FD8-A2E2-8A3AA92FC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E27B4A-0B71-4F5F-B701-2F4A45CBAE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0136668-A50D-4B7C-946F-37251CF96512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B644E32B-30B4-4816-BBC4-9DC1C856AC85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B7A4697-592E-49F6-A3C9-A152038DDB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA60BA90-5500-42B7-847D-1EC5A5EF18BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B82D02-DE66-4B73-B6E7-803A967C8DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F25E6F-95CC-437C-A35F-3C85088BC1A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97E0878-ED0A-418C-A9F6-8127C2575413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B4B544-A222-49E2-B20D-C41CA57A10FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF131CA-5C85-4B4B-9A56-61C47AAEFB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8CFD0B-34A2-42CC-9840-0DE073829F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F6C7B6-2188-4D8F-9013-6A8B5BCCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B3CF5D-C559-4D3E-BF8C-CD47EB7CBA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "21840A8F-2D72-4A3A-858E-3387A5ACEC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D9A68B-52C1-4F4F-A540-AC28B3FB4934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9395E-C31C-4467-BC44-8ABC6EE242AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "25FBFC8F-5DD0-479C-B027-00CBA1DA065B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2130F713-886B-41FD-9BE6-B06169C15165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E20DD3-AE98-44C9-958C-594FE9BFBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A25C2D-D414-46A9-8553-C2276FAED0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E64FA5F-33B8-495E-BD22-EC4FD38CAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321178F1-1DBB-4D81-ACF6-BE3892BC0D58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en el registro log de seguridad en el plugin BulletProof Security anterior a .49 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos de cabecera HTML no especificados hacia (1) 400.php, (2) 403.php o (3) 403.php."
    }
  ],
  "id": "CVE-2013-3487",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-03T16:55:03.977",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95928"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95929"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95930"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53614"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/61583"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-3487 (GCVE-0-2013-3487)

GSD-2013-3487

GHSA-J4XV-V7GM-QJ5Q

FKIE_CVE-2013-3487

Tags

Sightings

Nomenclature