CVE-2010-5294 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 27.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJan 21

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.0.2-1 (bookworm)

▶Debianwordpress/wordpress< 3.0.2-1+3

▶NVDwordpress/wordpress3.0.1+46

Patches

Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-3qv6-q4gp-2pm4: Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file↗2022-05-17

▶

OSV

CVE-2010-5294: Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file↗2014-01-21

▶

📋Vendor Advisories

Debian

CVE-2010-5294: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_cr...↗2010

▶