Описание
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.6.1+dfsg-1 |
| esm-apps/xenial | not-affected | 3.6.1+dfsg-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.6.1+dfsg-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
| saucy | not-affected | 3.6.1+dfsg-1 |
| trusty | not-affected | 3.6.1+dfsg-1 |
Показывать по
EPSS
3.5 Low
CVSS2
Связанные уязвимости
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
The default configuration of WordPress before 3.6.1 does not prevent u ...
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php.
EPSS
3.5 Low
CVSS2