Zurück zur CVE-Übersicht
CVE-2014-9035
MEDIUM(4.3)AV:N/AC:M/Au:N/C:N/I:P/A:N
Risk Signal Score11/100 — NIEDRIG
- CVSS 4.3 — Mittel
EPSS-Score
2%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.3
Technische Schwere
Beschreibung
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Referenzen
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:233
- http://www.securityfocus.com/bid/71236
- http://www.securitytracker.com/id/1031243
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
- http://advisories.mageia.org/MGASA-2014-0493.html
- http://openwall.com/lists/oss-security/2014/11/25/12
- http://www.debian.org/security/2014/dsa-3085