Описание
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
Ссылки
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchVendor Advisory
- Mailing ListPatchThird Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
EPSS
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used i ...
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
EPSS
4.3 Medium
CVSS2