FKIE_CVE-2013-3487

Vulnerability from fkie_nvd - Published: 2014-03-03 16:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
References
PSIRT-CNA@flexerasoftware.comhttp://osvdb.org/95928
PSIRT-CNA@flexerasoftware.comhttp://osvdb.org/95929
PSIRT-CNA@flexerasoftware.comhttp://osvdb.org/95930
PSIRT-CNA@flexerasoftware.comhttp://secunia.com/advisories/53614Vendor Advisory
PSIRT-CNA@flexerasoftware.comhttp://wordpress.org/plugins/bulletproof-security/changelog
PSIRT-CNA@flexerasoftware.comhttp://www.securityfocus.com/bid/61583
PSIRT-CNA@flexerasoftware.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/86160
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95928
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95929
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/95930
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/53614Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://wordpress.org/plugins/bulletproof-security/changelog
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/61583
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/86160
Impacted products
Vendor Product Version
ait-pro bulletproof-security *
ait-pro bulletproof-security .45.4
ait-pro bulletproof-security .45.5
ait-pro bulletproof-security .45.6
ait-pro bulletproof-security .45.7
ait-pro bulletproof-security .45.8
ait-pro bulletproof-security .45.9
ait-pro bulletproof-security .46
ait-pro bulletproof-security .46.1
ait-pro bulletproof-security .46.2
ait-pro bulletproof-security .46.3
ait-pro bulletproof-security .46.4
ait-pro bulletproof-security .46.5
ait-pro bulletproof-security .46.6
ait-pro bulletproof-security .46.7
ait-pro bulletproof-security .46.8
ait-pro bulletproof-security .46.9
ait-pro bulletproof-security .47
ait-pro bulletproof-security .47.1
ait-pro bulletproof-security .47.2
ait-pro bulletproof-security .47.3
ait-pro bulletproof-security .47.4
ait-pro bulletproof-security .47.5
ait-pro bulletproof-security .47.6
ait-pro bulletproof-security .47.7
ait-pro bulletproof-security .47.8
ait-pro bulletproof-security .47.9
ait-pro bulletproof-security .48
ait-pro bulletproof-security .48.1
ait-pro bulletproof-security .48.2
ait-pro bulletproof-security .48.3
ait-pro bulletproof-security .48.4
ait-pro bulletproof-security .48.5
ait-pro bulletproof-security .48.6
ait-pro bulletproof-security .48.7
ait-pro bulletproof-security .48.8
wordpress wordpress -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "726C98B9-95EB-4B38-8920-676166F82D7F",
              "versionEndIncluding": ".48.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D2AEC61-3532-4CF2-9D42-F2A5A7017FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8BD3B7D-4630-4635-9C8C-E80C74E62873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9073809F-746B-4E9F-B82D-CDAC191D1A09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0EE3A24-8EE4-458E-823F-0AFCA7A75358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A83913B-0F8C-4CA9-8D6D-679451915CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.45.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "09285189-F46A-4AF8-B67A-979CAA1E7A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDDD54-36AA-4EEE-98C6-85CA04340AD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D98BFA-5C4D-40EE-A220-EE3B4E7AB5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "249104CC-B3B0-46EA-BEF8-3FBAB8A2F8C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B45882E8-4C83-47EC-A72C-9853B7DB2FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB785C1F-388F-4A6C-ABD1-21F22049DA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8378071-6297-493C-9F04-96DE7092F6EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB27728E-3E4C-4FD8-A2E2-8A3AA92FC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99E27B4A-0B71-4F5F-B701-2F4A45CBAE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0136668-A50D-4B7C-946F-37251CF96512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.46.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B644E32B-30B4-4816-BBC4-9DC1C856AC85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B7A4697-592E-49F6-A3C9-A152038DDB4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA60BA90-5500-42B7-847D-1EC5A5EF18BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B82D02-DE66-4B73-B6E7-803A967C8DC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00F25E6F-95CC-437C-A35F-3C85088BC1A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97E0878-ED0A-418C-A9F6-8127C2575413",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B4B544-A222-49E2-B20D-C41CA57A10FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EF131CA-5C85-4B4B-9A56-61C47AAEFB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F8CFD0B-34A2-42CC-9840-0DE073829F99",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3F6C7B6-2188-4D8F-9013-6A8B5BCCDC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.47.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B3CF5D-C559-4D3E-BF8C-CD47EB7CBA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "21840A8F-2D72-4A3A-858E-3387A5ACEC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D9A68B-52C1-4F4F-A540-AC28B3FB4934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55A9395E-C31C-4467-BC44-8ABC6EE242AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "25FBFC8F-5DD0-479C-B027-00CBA1DA065B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2130F713-886B-41FD-9BE6-B06169C15165",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E20DD3-AE98-44C9-958C-594FE9BFBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "84A25C2D-D414-46A9-8553-C2276FAED0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E64FA5F-33B8-495E-BD22-EC4FD38CAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ait-pro:bulletproof-security:.48.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "321178F1-1DBB-4D81-ACF6-BE3892BC0D58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:wordpress:wordpress:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A77EB0E7-7FA7-4232-97DF-7C7587D163F1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en el registro log de seguridad en el plugin BulletProof Security anterior a .49 para WordPress permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de campos de cabecera HTML no especificados hacia (1) 400.php, (2) 403.php o (3) 403.php."
    }
  ],
  "id": "CVE-2013-3487",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-03T16:55:03.977",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95928"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95929"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://osvdb.org/95930"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53614"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "http://www.securityfocus.com/bid/61583"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95928"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/95930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/53614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://wordpress.org/plugins/bulletproof-security/changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86160"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.