CVE-2015-10093

A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability.

CVSS v3.0 5.4 MEDIUM

5.4^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62	Patch
https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2	Release Notes
https://vuldb.com/?id.222325	Third Party Advisory
https://vuldb.com/?ctiid.222325	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.0:::::wordpress::
	cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.1:::::wordpress::

Information

Published : 2023-03-05 23:15

Updated : 2023-03-10 14:43

NVD link : CVE-2015-10093

Mitre link : CVE-2015-10093

JSON object : View

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

Products Affected

mark_user_as_spammer_project

mark_user_as_spammer

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "name": "https://github.com/korobochkin/mark-user-as-spammer/commit/e7059727274d2767c240c55c02c163eaa4ba6c62", "tags": ["Patch"], "refsource": "MISC"}, {"url": "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "name": "https://github.com/korobochkin/mark-user-as-spammer/releases/tag/v1.0.2", "tags": ["Release Notes"], "refsource": "MISC"}, {"url": "https://vuldb.com/?id.222325", "name": "https://vuldb.com/?id.222325", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://vuldb.com/?ctiid.222325", "name": "https://vuldb.com/?ctiid.222325", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in Mark User as Spammer Plugin 1.0.0/1.0.1. It has been declared as problematic. Affected by this vulnerability is the function user_row_actions of the file plugin/plugin.php. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is e7059727274d2767c240c55c02c163eaa4ba6c62. It is recommended to upgrade the affected component. The identifier VDB-222325 was assigned to this vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-10093", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}}, "publishedDate": "2023-03-06T07:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.0:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:mark_user_as_spammer_project:mark_user_as_spammer:1.0.1:*:*:*:*:wordpress:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-03-10T22:43Z"}