CVE-2015-9523

{"id": "CVE-2015-9523", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-10-23T17:15:12.130", "references": [{"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads (EDD) Recommended Products extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."}, {"lang": "es", "value": "La extensi\u00f3n Recommended Products de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el par\u00e1metro add_query_arg es usado inapropiadamente."}], "lastModified": "2025-02-07T19:44:53.660", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "FF9FEDCE-C0AE-4045-B71B-59D4FCA1F769", "versionEndExcluding": "1.8.7", "versionStartIncluding": "1.8"}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "AB250869-BD89-4639-9D18-708032CC3251", "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9"}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "069AA087-DA95-4BD1-973F-B53E0DD8E658", "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0"}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4BA7E3D6-4B3F-4C5C-B7B4-B3F716CB4045", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1"}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "449E6BE0-6A82-4FD4-8F48-865B35DCE0FA", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2"}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "0ED07242-1A2A-4F42-ABDD-46642EA07E44", "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:easydigitaldownloads:recommended_products:-:*:*:*:*:easy_digital_downloads:*:*", "vulnerable": true, "matchCriteriaId": "988E9486-36F6-4714-86EC-FCDF6D1E2D9F"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}