CVE-2015-9501
CVSS Score: 6.1 (Medium)
Vulnerability Description
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: R
Scope: C
Confidentiality: L
Integrity: L
Availability: N
Known Affected Software
16 configuration(s) from 1 vendor(s)
- artificial_intelligence, Version: 1.2.3, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.3:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.1.1, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.1:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.0.6, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.6:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.2.1, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.1:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.0.4, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.4:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.1.2, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.2:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.0.3, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.3:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.1.4, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.4:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.1.3, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.3:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.2.0, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.0:alpha1:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.0.0, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.0:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.0.5, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.5:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.2.2, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.2.2:*:*:*:*:wordpress:*:*
- artificial_intelligence, Version: 1.0.2, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.2:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.0.1, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.0.1:*:*:*:*:drupal:*:*
- artificial_intelligence, Version: 1.1.0, CPE: cpe:2.3:a:artificial_intelligence_project:artificial_intelligence:1.1.0:beta1:*:*:*:drupal:*:*
This vulnerability affects 16 software configuration(s). Ensure you patch all affected systems.
References & Resources
- https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac (Source: cve@mitre.org; Patch, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/7994 (Source: cve@mitre.org; Third Party Advisory)
- https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac (Source: af854a3a-2127-422b-91ae-364da2661108; Patch, Third Party Advisory)
- https://wpvulndb.com/vulnerabilities/7994 (Source: af854a3a-2127-422b-91ae-364da2661108; Third Party Advisory)
Severity Details
6.1 out of 10.0 (Medium)
Weakness Type (CWE)
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Top 25 #1
- Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
- Exploit Likelihood: High
- Typical Severity: Medium
- OWASP Top 10: A03:2021-Injection
- Abstraction Level: Base
Key Information
- Published Date: October 22, 2019
