{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-23T16:12:35", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2015-9508", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/", "refsource": "MISC", "url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:51:05.247Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-9508", "datePublished": "2019-10-23T16:12:35", "dateReserved": "2019-10-14T00:00:00", "dateUpdated": "2024-08-06T08:51:05.247Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "FF9FEDCE-C0AE-4045-B71B-59D4FCA1F769", "versionEndExcluding": "1.8.7", "versionStartIncluding": "1.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "AB250869-BD89-4639-9D18-708032CC3251", "versionEndExcluding": "1.9.10", "versionStartIncluding": "1.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "069AA087-DA95-4BD1-973F-B53E0DD8E658", "versionEndExcluding": "2.0.5", "versionStartIncluding": "2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "4BA7E3D6-4B3F-4C5C-B7B4-B3F716CB4045", "versionEndExcluding": "2.1.11", "versionStartIncluding": "2.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "449E6BE0-6A82-4FD4-8F48-865B35DCE0FA", "versionEndExcluding": "2.2.9", "versionStartIncluding": "2.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:awesomemotive:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "0ED07242-1A2A-4F42-ABDD-46642EA07E44", "versionEndExcluding": "2.3.7", "versionStartIncluding": "2.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:easydigitaldownloads:commissions:-:*:*:*:*:easy_digital_downloads:*:*", "matchCriteriaId": "ED2CD1F4-4CCD-4D4C-8999-9DB043DCD068", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Easy Digital Downloads (EDD) Commissions extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused."}, {"lang": "es", "value": "La extensi\u00f3n Commissions de Easy Digital Downloads (EDD) para WordPress, como es usada con EDD versiones 1.8.x anteriores a 1.8.7, versiones 1.9.x anteriores a 1.9.10, versiones 2.0.x anteriores a 2.0.5, versiones 2.1.x anteriores a 2.1.11, versiones 2.2.x anteriores a 2.2.9, y versiones 2.3.x anteriores a 2.3.7, presenta una vulnerabilidad de tipo XSS porque el par\u00e1metro add_query_arg es usado inapropiadamente."}], "id": "CVE-2015-9508", "lastModified": "2025-02-07T19:44:53.660", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "[email protected]", "type": "Primary"}]}, "published": "2019-10-23T17:15:11.147", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://web.archive.org/web/20160921003517/https://easydigitaldownloads.com/blog/security-fix-released/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Primary"}]}

{}