CVE-2014-9031

Sažetak

Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post.

Reference

http://advisories.mageia.org/MGASA-2014-0493.html
http://klikki.fi/adv/wordpress.html
http://openwall.com/lists/oss-security/2014/11/25/12
http://seclists.org/fulldisclosure/2014/Nov/62
http://www.debian.org/security/2014/dsa-3085
http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
http://www.securityfocus.com/bid/71237
http://www.securitytracker.com/id/1031243
https://wordpress.org/news/2014/11/wordpress-4-0-1/

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-10-2015 - 21:43

Objavljeno

25-11-2014 - 23:59