Описание
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | not-affected | 4.0.1+dfsg-1 |
| bionic | not-affected | 4.0.1+dfsg-1 |
| cosmic | not-affected | 4.0.1+dfsg-1 |
| devel | not-affected | 4.0.1+dfsg-1 |
| disco | not-affected | 4.0.1+dfsg-1 |
| esm-apps/bionic | not-affected | 4.0.1+dfsg-1 |
| esm-apps/xenial | not-affected | 4.0.1+dfsg-1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
Cross-site scripting (XSS) vulnerability in the wptexturize function i ...
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.
EPSS
4.3 Medium
CVSS2