CVE-2016-10993
Published 2019-09-17

CVE-2016-10993: The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter.

Priority P4 · 33 · medium · 5.4 · CVSS 3.1

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.72% (84.2th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scoreme_project | scoreme | <= 2016-04-01 | — |
CVSS provenance
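| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |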
No detection rules found.
Nuclei
ScoreMe Theme - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2016-10993 [MEDIUM] ScoreMe Theme - Cross-Site Scripting
WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Template:
```yaml
id: CVE-2016-10993

info:
  name: ScoreMe Theme - Cross-Site Scripting
  author: daffainfo
  severity: medium
  description: |
    WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the att
```
No writeups or analysis indexed.