CVE-2008-5278Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
3.2%
top 13.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedNov 28
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.5.1-11 (bookworm)
Debianwordpress/wordpress< 2.5.1-11+3
NVDwordpress/wordpress2.6.3+63

Patches

Patch: wordpress.orgPatch: wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-ggp3-c542-qp4x: Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed2022-05-17
OSV
CVE-2008-5278: Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed2008-11-28

📋Vendor Advisories

2
Red Hat
wordpress-mu: XSS vulnerability in RSS Feed Generator2008-11-25
Debian
CVE-2008-5278: wordpress - Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS...2008

💬Community

1
Bugzilla
CVE-2008-5278 wordpress, wordpress-mu: XSS vulnerability in RSS Feed Generator2008-11-29
CVE-2008-5278 — Cross-site Scripting in Wordpress | cvebase