Sign-up

ID

VAR-201309-0343


CVE

CVE-2013-5918


TITLE

WordPress for Platinum SEO Plug-in platinum_seo_pack.php Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-004283

DESCRIPTION

Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. The Triangle Research Nano-10 PLC is a controller for automated manufacturing. The Triangle Research Nano-10 PLC has a remote denial of service attack when processing specially crafted messages, allowing remote attackers to crash applications. This vulnerability can be triggered when the firmware is processing a special length (over 0x200) MODBUS TCP message on TCP port 502. The Platinum SEO Pack plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to Platinum SEO Pack 1.3.8 are vulnerable

Trust: 2.61

sources: NVD: CVE-2013-5918 // JVNDB: JVNDB-2013-004283 // CNVD: CNVD-2013-13485 // BID: 62692 // IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485

AFFECTED PRODUCTS

vendor:platinum seomodel:pluginscope:eqversion:1.2.7

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.3

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.2.8

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.2

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.4

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.5

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.1

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.2.9

Trust: 1.6

vendor:platinum seomodel:pluginscope:eqversion:1.3.6

Trust: 1.6

vendor:platinum seomodel:pluginscope:lteversion:1.3.7

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.1

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.2

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.4

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.5

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.3

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.2.6

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.1

Trust: 1.0

vendor:platinum seomodel:pluginscope:eqversion:1.0

Trust: 1.0

vendor:trianglemodel:research international inc nano-10 plc r81scope:ltversion: -

Trust: 0.8

vendor:platinum seomodel:pluginscope:ltversion:1.3.8

Trust: 0.8

vendor:techblissonlinemodel:platinum seo packscope:eqversion:1.3.7

Trust: 0.3

vendor:techblissonlinemodel:platinum seo packscope:neversion:1.3.8

Trust: 0.3

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485 // BID: 62692 // JVNDB: JVNDB-2013-004283 // CNNVD: CNNVD-201309-398 // NVD: CVE-2013-5918

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5918
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5918
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-13485
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201309-398
value: MEDIUM

Trust: 0.6

IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

nvd@nist.gov: CVE-2013-5918
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-13485
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-13485 // JVNDB: JVNDB-2013-004283 // CNNVD: CNNVD-201309-398 // NVD: CVE-2013-5918

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-004283 // NVD: CVE-2013-5918

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-398

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-398

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-004283

PATCH
title:Platinum SEO Packurl:http://wordpress.org/plugins/platinum-seo-pack/changelog/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-004283

EXTERNAL IDS
db:NVDid:CVE-2013-5918
Trust: 2.7
db:OSVDBid:97263
Trust: 1.6
db:CNVDid:CNVD-2013-13485
Trust: 0.8
db:JVNDBid:JVNDB-2013-004283
Trust: 0.8
db:CNNVDid:CNNVD-201309-398
Trust: 0.6
db:BIDid:62692
Trust: 0.3
db:IVDid:53D04BAA-1F07-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 53d04baa-1f07-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-13485 // 
            
            
            
            BID: 62692 // 
            
            
            
            JVNDB: JVNDB-2013-004283 // 
            
            
            
            CNNVD: CNNVD-201309-398 // 
            
            
            
            NVD: CVE-2013-5918

REFERENCES
url:http://osvdb.org/ref/97/platinum_seo.txt
Trust: 1.9
url:http://www.osvdb.org/97263
Trust: 1.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5918
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5918
Trust: 0.8
url:http://osvdb.org/ref/97/tri-nano10.txt
Trust: 0.6
url:http://techblissonline.com/platinum-seo-pack/
Trust: 0.3
url:http://www.wordpress.org/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-13485 // 
            
            
            
            BID: 62692 // 
            
            
            
            JVNDB: JVNDB-2013-004283 // 
            
            
            
            CNNVD: CNNVD-201309-398 // 
            
            
            
            NVD: CVE-2013-5918

CREDITS
Charlie Briggs and Richard Clifford
Trust: 0.3
sources:
            
            
            BID: 62692

SOURCES
db:IVDid:53d04baa-1f07-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-13485
db:BIDid:62692
db:JVNDBid:JVNDB-2013-004283
db:CNNVDid:CNNVD-201309-398
db:NVDid:CVE-2013-5918

LAST UPDATE DATE
2025-04-11T22:59:04.828000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-13485date:2013-10-09T00:00:00
db:BIDid:62692date:2013-09-23T00:00:00
db:JVNDBid:JVNDB-2013-004283date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-398date:2013-09-24T00:00:00
db:NVDid:CVE-2013-5918date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:IVDid:53d04baa-1f07-11e6-abef-000c29c66e3ddate:2013-10-09T00:00:00
db:CNVDid:CNVD-2013-13485date:2013-10-09T00:00:00
db:BIDid:62692date:2013-09-23T00:00:00
db:JVNDBid:JVNDB-2013-004283date:2013-09-25T00:00:00
db:CNNVDid:CNNVD-201309-398date:2013-09-24T00:00:00
db:NVDid:CVE-2013-5918date:2013-09-23T10:18:59.297