Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2851Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
3.0%
top 13.45%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedAug 18
Latest updateMay 2

Description

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 2.8.3-1 (bookworm)
Debianwordpress/wordpress< 2.8.3-1+3

Patches

Patch: wordpress.orgPatch: wordpress.org

🔴Vulnerability Details

2
GHSA
GHSA-9q3x-8xjm-8642: Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 22022-05-02
OSV
CVE-2009-2851: Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 22009-08-18

💥Exploits & PoCs

1
Exploit-DB
WordPress Core 2.8.1 - 'url' Cross-Site Scripting2009-07-24

📋Vendor Advisories

2
Red Hat
WordPress: XSS via unescaped HTML URLs as author comments in the admin page2009-02-20
Debian
CVE-2009-2851: wordpress - Cross-site scripting (XSS) vulnerability in the administrator interface in WordP...2009

💬Community

2
Bugzilla
CVE-2009-3641 Snort: DoS (crash) while printing specially-crafted IPv6 packet using the -v option2009-10-25
Bugzilla
CVE-2009-2851 WordPress: XSS via unescaped HTML URLs as author comments in the admin page2009-07-21
CVE-2009-2851 — Cross-site Scripting in Wordpress | cvebase