NVD Vulnerability Detail

CVE-2013-5978

Summary	Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
Publication Date	Dec. 12, 2019, 4:15 a.m.
Registration Date	Jan. 26, 2021, 3:46 p.m.
Last Update	Nov. 21, 2024, 10:58 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:cart66:cart66_lite_plugin::-::::wordpress::			1.5.1.14

Related information, measures and tools

No	URL	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html	Broken Link
2	http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html	Broken Link
3	http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
4	http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html	Exploit Third Party Advisory VDB Entry
5	http://seclists.org/bugtraq/2013/Oct/52	Mailing List Third Party Advisory
6	http://seclists.org/bugtraq/2013/Oct/52	Mailing List Third Party Advisory
7	http://wordpress.org/plugins/cart66-lite/changelog	Release Notes Third Party Advisory
8	http://wordpress.org/plugins/cart66-lite/changelog	Release Notes Third Party Advisory
9	http://www.exploit-db.com/exploits/28959	Exploit Third Party Advisory VDB Entry
10	http://www.exploit-db.com/exploits/28959	Exploit Third Party Advisory VDB Entry
11	http://www.securityfocus.com/bid/62977	Third Party Advisory VDB Entry
12	http://www.securityfocus.com/bid/62977	Third Party Advisory VDB Entry
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/87873	Third Party Advisory VDB Entry
14	https://exchange.xforce.ibmcloud.com/vulnerabilities/87873	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

JVN Vulnerability Information

WordPress 用 Cart66 Lite プラグインにおけるクロスサイトスクリプティングの脆弱性

Title	WordPress 用 Cart66 Lite プラグインにおけるクロスサイトスクリプティングの脆弱性
Summary	WordPress 用 Cart66 Lite プラグインには、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	情報を取得される、および情報を改ざんされる可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Oct. 2, 2013, midnight
Registration Date	Dec. 19, 2019, 10:08 a.m.
Last Update	Dec. 19, 2019, 10:08 a.m.

Affected System

Reality66

Cart66 Lite 1.5.1.15 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-5978	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5978
National Vulnerability Database (NVD)
2	CVE-2013-5978	https://nvd.nist.gov/vuln/detail/CVE-2013-5978

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	Name	URL
WordPress Plugin Directory
1	cart66-lite	https://wordpress.org/plugins/cart66-lite/#developers

その他

No	Name	URL
関連文書
1	WordPress Cart66 1.5.1.14 Cross Site Request Forgery / Cross Site Scripting	https://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Change Log

No	Changed Details	Date of change
1	[2019年12月19日] 掲載	Dec. 19, 2019, 10:08 a.m.