Details of VAR-202301-0328

ID

VAR-202301-0328

CVE

CVE-2015-10013

TITLE

WebDevStudios taxonomy-switcher Cross-site scripting vulnerability in plugins

Trust: 0.8

sources: JVNDB: JVNDB-2015-008674

DESCRIPTION

A vulnerability was found in WebDevStudios taxonomy-switcher Plugin up to 1.0.3 on WordPress. It has been classified as problematic. Affected is the function taxonomy_switcher_init of the file taxonomy-switcher.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.4 is able to address this issue. It is recommended to upgrade the affected component. VDB-217446 is the identifier assigned to this vulnerability. WebDevStudios taxonomy-switcher A cross-site scripting vulnerability exists in the plugin.Information may be obtained and information may be tampered with

Trust: 1.8

sources: NVD: CVE-2015-10013 // JVNDB: JVNDB-2015-008674 // VULHUB: VHN-450526 // VULMON: CVE-2015-10013

AFFECTED PRODUCTS

vendor:	webdevstudios	model:	taxonomy switcher	scope:	lt	version:	1.0.4	Trust: 1.0
vendor:	webdevstudios	model:	taxonomy switcher	scope:	eq	version:	1.0.3 to	Trust: 0.8
vendor:	webdevstudios	model:	taxonomy switcher	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2015-008674 // NVD: CVE-2015-10013

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2015-10013
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2015-10013
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2015-008674
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202301-310
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2015-10013
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2015-008674
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

cna@vuldb.com:	CVE-2015-10013
baseSeverity:	LOW
baseScore:	3.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.1
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2015-10013
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2015-008674
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2015-008674 // CNNVD: CNNVD-202301-310 // NVD: CVE-2015-10013 // NVD: CVE-2015-10013

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: VULHUB: VHN-450526 // JVNDB: JVNDB-2015-008674 // NVD: CVE-2015-10013

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-310

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202301-310

PATCH

title:	1.0.4	url:	https://github.com/WebDevStudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099	Trust: 0.8
title:	Taxonomy Switcher Fixes for cross-site scripting vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=221092	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2015-10013	Trust: 0.1

sources: VULMON: CVE-2015-10013 // JVNDB: JVNDB-2015-008674 // CNNVD: CNNVD-202301-310

EXTERNAL IDS

db:	NVD	id:	CVE-2015-10013	Trust: 3.4
db:	VULDB	id:	217446	Trust: 2.6
db:	JVNDB	id:	JVNDB-2015-008674	Trust: 0.8
db:	CNNVD	id:	CNNVD-202301-310	Trust: 0.6
db:	VULHUB	id:	VHN-450526	Trust: 0.1
db:	VULMON	id:	CVE-2015-10013	Trust: 0.1

sources: VULHUB: VHN-450526 // VULMON: CVE-2015-10013 // JVNDB: JVNDB-2015-008674 // CNNVD: CNNVD-202301-310 // NVD: CVE-2015-10013

REFERENCES

url:	https://vuldb.com/?id.217446	Trust: 2.6
url:	https://github.com/webdevstudios/taxonomy-switcher/commit/e1a0d99f936e7427b31e210c67aeb4833d804099	Trust: 1.8
url:	https://github.com/webdevstudios/taxonomy-switcher/releases/tag/1.0.4	Trust: 1.8
url:	https://vuldb.com/?ctiid.217446	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-10013	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2015-10013/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2015-10013	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-450526 // VULMON: CVE-2015-10013 // JVNDB: JVNDB-2015-008674 // CNNVD: CNNVD-202301-310 // NVD: CVE-2015-10013

SOURCES

db:	VULHUB	id:	VHN-450526
db:	VULMON	id:	CVE-2015-10013
db:	JVNDB	id:	JVNDB-2015-008674
db:	CNNVD	id:	CNNVD-202301-310
db:	NVD	id:	CVE-2015-10013

LAST UPDATE DATE

2024-08-14T15:32:21.203000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-450526	date:	2023-01-11T00:00:00
db:	VULMON	id:	CVE-2015-10013	date:	2023-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-008674	date:	2023-04-11T06:58:00
db:	CNNVD	id:	CNNVD-202301-310	date:	2023-01-12T00:00:00
db:	NVD	id:	CVE-2015-10013	date:	2024-05-17T01:02:57.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-450526	date:	2023-01-05T00:00:00
db:	VULMON	id:	CVE-2015-10013	date:	2023-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-008674	date:	2023-04-11T00:00:00
db:	CNNVD	id:	CNNVD-202301-310	date:	2023-01-05T00:00:00
db:	NVD	id:	CVE-2015-10013	date:	2023-01-05T10:15:09.100