Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-3438

Опубликовано: 05 авг. 2015
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*
Версия до 4.1.1 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.02061
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2015-3438

ubuntu
около 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

debian логотип

CVE-2015-3438

debian
около 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...

github логотип

GHSA-cv8p-7fxf-fmqr

github
около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

EPSS

Процентиль: 83%
0.02061
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79