ID

VAR-201405-0105


CVE

CVE-2013-5916


TITLE

Cross-site scripting vulnerability in the Bradesco Gateway plugin for WordPress, as used in the WP e-Commerce plugin

Trust: 0.8

sources: JVNDB: JVNDB-2013-006419

DESCRIPTION

Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for WordPress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. The Bradesco Gateway plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress is a blogging platform developed by WordPress Software Foundation in PHP; it supports setting up personal blogging websites on PHP and MySQL servers. Bradesco Gateway is one of the payment gateway plugins

Trust: 1.98

sources: NVD: CVE-2013-5916 // JVNDB: JVNDB-2013-006419 // BID: 62617 // VULHUB: VHN-65918

AFFECTED PRODUCTS

vendor: bradesco gateway plugin // model: gateway // scope: eq // version: 2.0

Trust: 2.4

vendor: bradesco // model: gateway bradesco gateway // scope: eq // version: 2.0

Trust: 0.3

sources: BID: 62617 // JVNDB: JVNDB-2013-006419 // CNNVD: CNNVD-201309-451 // NVD: CVE-2013-5916

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-5916
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-5916
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-451
value: MEDIUM

Trust: 0.6

VULHUB: VHN-65918
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-5916
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-65918
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-65918 // JVNDB: JVNDB-2013-006419 // CNNVD: CNNVD-201309-451 // NVD: CVE-2013-5916

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-65918 // JVNDB: JVNDB-2013-006419 // NVD: CVE-2013-5916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-451

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201309-451

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006419

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65918

PATCH

title: wp-plugins/bradesco-gateway // url: https://github.com/wp-plugins/bradesco-gateway

Trust: 0.8

title: BRADESCO GATEWAY // url: http://wordpress.org/support/view/plugin-reviews/bradesco-gateway

Trust: 0.8

sources: JVNDB: JVNDB-2013-006419

EXTERNAL IDS

db: NVD // id: CVE-2013-5916

Trust: 2.8

db: BID // id: 62617

Trust: 2.0

db: OSVDB // id: 97624

Trust: 1.7

db: JVNDB // id: JVNDB-2013-006419

Trust: 0.8

db: CNNVD // id: CNNVD-201309-451

Trust: 0.7

db: BUGTRAQ // id: 20130923 [IBLISS SECURITY ADVISORY] CROSS-SITE SCRIPTING ( XSS ) IN BRADESCO GATEWAY WORDPRESS PLUGIN

Trust: 0.6

db: PACKETSTORM // id: 123356

Trust: 0.1

db: VULHUB // id: VHN-65918

Trust: 0.1

sources: VULHUB: VHN-65918 // BID: 62617 // JVNDB: JVNDB-2013-006419 // CNNVD: CNNVD-201309-451 // NVD: CVE-2013-5916

REFERENCES

url:http://archives.neohapsis.com/archives/bugtraq/2013-09/0112.html

Trust: 2.5

url:http://www.securityfocus.com/bid/62617

Trust: 1.7

url:http://osvdb.org/97624

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5916

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5916

Trust: 0.8

url:http://seclists.org/bugtraq/2013/sep/111

Trust: 0.3

url:http://plugins.svn.wordpress.org/bradesco-gateway/trunk/bradesco-gateway.php

Trust: 0.3

url:http://www.wordpress.org/

Trust: 0.3

sources: VULHUB: VHN-65918 // BID: 62617 // JVNDB: JVNDB-2013-006419 // CNNVD: CNNVD-201309-451 // NVD: CVE-2013-5916

CREDITS

Alexandro Silva

Trust: 0.9

sources: BID: 62617 // CNNVD: CNNVD-201309-451

SOURCES

db: VULHUB // id: VHN-65918
db: BID // id: 62617
db: JVNDB // id: JVNDB-2013-006419
db: CNNVD // id: CNNVD-201309-451
db: NVD // id: CVE-2013-5916

LAST UPDATE DATE

2025-04-12T23:35:14.944000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-65918 // date: 2014-05-09T00:00:00
db: BID // id: 62617 // date: 2013-09-23T00:00:00
db: JVNDB // id: JVNDB-2013-006419 // date: 2014-05-12T00:00:00
db: CNNVD // id: CNNVD-201309-451 // date: 2014-05-12T00:00:00
db: NVD // id: CVE-2013-5916 // date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: VULHUB // id: VHN-65918 // date: 2014-05-08T00:00:00
db: BID // id: 62617 // date: 2013-09-23T00:00:00
db: JVNDB // id: JVNDB-2013-006419 // date: 2014-05-12T00:00:00
db: CNNVD // id: CNNVD-201309-451 // date: 2013-09-26T00:00:00
db: NVD // id: CVE-2013-5916 // date: 2014-05-08T15:55:02.983