CVE-2010-4536 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

3.9%

top 11.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJan 3

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.4+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.4+dfsg-1+3

▶NVDwordpress/wordpress3.0.3

Patches

Patch: core.trac.wordpress.org ↗Patch: wordpress.org ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-x7cw-w76m-9h8q: Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3↗2022-05-17

▶

OSV

CVE-2010-4536: Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3↗2011-01-03

▶

📋Vendor Advisories

Debian

CVE-2010-4536: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPres...↗2010

▶

💬Community

Bugzilla

CVE-2010-4536 Wordpress: XSS flaw in HTML sanitation library↗2011-01-03

▶