CVE-2009-2851

Опубликовано: 18 авг. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

Ссылки

http://bugs.gentoo.org/show_bug.cgi?id=278492
Issue Tracking
Third Party Advisory
http://securitytracker.com/id?1022589
Third Party Advisory
VDB Entry
http://wordpress.org/development/2009/07/wordpress-2-8-2/
Patch
Vendor Advisory
http://www.debian.org/security/2009/dsa-1871
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/07/21/1
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=512900
Issue Tracking
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html
Mailing List
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html
Mailing List
Third Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=278492
Issue Tracking
Third Party Advisory
http://securitytracker.com/id?1022589
Third Party Advisory
VDB Entry
http://wordpress.org/development/2009/07/wordpress-2-8-2/
Patch
Vendor Advisory
http://www.debian.org/security/2009/dsa-1871
Third Party Advisory
http://www.openwall.com/lists/oss-security/2009/07/21/1
Mailing List
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=512900
Issue Tracking
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01241.html
Mailing List
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01253.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 2.8.1 (включая)

EPSS

Процентиль: 84%

0.02221

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2009-2851

ubuntu

почти 16 лет назад

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

CVE-2009-2851

redhat

больше 16 лет назад

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

CVE-2009-2851

debian

почти 16 лет назад

Cross-site scripting (XSS) vulnerability in the administrator interfac ...

GHSA-9q3x-8xjm-8642

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

EPSS

Процентиль: 84%

0.02221

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79