CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3891 – WordPress Core <= 2.8.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3891
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable). Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en wp-admin/press-this.php en WordPress anteriores a v2.8.6 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través del parámetro "s" (también conocido como variable selección). • http://core.trac.wordpress.org/attachment/ticket/11119/press-this-xss-bug-11-10-2009.patch http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff http://core.trac.wordpress.org/ticket/11119 http://secunia.com/advisories/37332 http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release http://www.openwall.com/lists/oss-security/2009/11/15/2 http://www.openwall.com/lists/oss-security/2009/11/15/3 http://www.openwall.com/lists/oss-secu • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2011-0700 – WordPress Core <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-0700
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Wordpress en versiones anteriores a v3.0.5, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro (1) Quick/Bulk Edit title (también conocido como post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, y (5)saliendo de tags sin usar tags meta box . • http://codex.wordpress.org/Version_3.0.5 http://core.trac.wordpress.org/changeset/17397 http://core.trac.wordpress.org/changeset/17401 http://core.trac.wordpress.org/changeset/17406 http://core.trac.wordpress.org/changeset/17412 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056412.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056998.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/057003.html http://openwall.com/lists&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •