Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2015-3438

Опубликовано: 05 авг. 2015
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3

Описание

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

4.4.2+dfsg-1ubuntu1
devel

not-affected

4.4.2+dfsg-1ubuntu1
esm-apps/bionic

not-affected

4.4.2+dfsg-1ubuntu1
esm-apps/xenial

not-affected

4.4.2+dfsg-1ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was not-affected]
lucid

not-affected

precise

not-affected

precise/esm

DNE

precise was not-affected
trusty

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 81%
0.01607
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

nvd логотип

CVE-2015-3438

nvd
около 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

debian логотип

CVE-2015-3438

debian
около 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress befor ...

github логотип

GHSA-cv8p-7fxf-fmqr

github
около 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

EPSS

Процентиль: 81%
0.01607
Низкий

4.3 Medium

CVSS2