Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2011-3858

Published: 28/09/2011 Updated: 14/02/2024
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Pixiv Custom

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme prior to 2.1.6 for WordPress allows remote malicious users to inject arbitrary web script or HTML via the s parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

zespia pixiv_custom

zespia pixiv_custom 1.0

zespia pixiv_custom 1.0.1

zespia pixiv_custom 1.0.2

zespia pixiv_custom 1.1

zespia pixiv_custom 1.1.1

zespia pixiv_custom 1.1.2

zespia pixiv_custom 1.1.3

zespia pixiv_custom 1.1.4

zespia pixiv_custom 1.1.5

zespia pixiv_custom 1.1.6

zespia pixiv_custom 1.1.7

zespia pixiv_custom 1.1.9

zespia pixiv_custom 1.1.10

zespia pixiv_custom 1.1.11

zespia pixiv_custom 1.1.12

zespia pixiv_custom 1.1.13

zespia pixiv_custom 1.1.14

zespia pixiv_custom 1.2.0

zespia pixiv_custom 1.2.1

zespia pixiv_custom 1.3.0

zespia pixiv_custom 1.3.1

zespia pixiv_custom 2.0

zespia pixiv_custom 2.0.2

zespia pixiv_custom 2.0.4

zespia pixiv_custom 2.0.7

zespia pixiv_custom 2.1.0

zespia pixiv_custom 2.1.1

zespia pixiv_custom 2.1.2

zespia pixiv_custom 2.1.3

zespia pixiv_custom 2.1.4

Exploits

Exploit DB: WordPress Theme Pixiv Custom Theme 2.1.5 - 'cpage' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/49875/info The Pixiv Custom theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This c ...

References

CWE-79https://sitewat.ch/en/Advisories/16https://nvd.nist.govhttps://www.exploit-db.com/exploits/36185/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook