CVE-2013-0236 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting11 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 38.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress

Timeline

PublishedJul 8

Latest updateMay 5

Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/wordpress< wordpress 3.5.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.5.1+dfsg-1+3

▶NVDwordpress/wordpress3.5.0+73

Patches

Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗Patch: core.trac.wordpress.org ↗

🔴Vulnerability Details

GHSA

GHSA-wwqr-4v22-f2qm: Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3↗2022-05-05

▶

OSV

CVE-2013-0236: Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3↗2013-07-08

▶

📋Vendor Advisories

Debian

CVE-2013-0236: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 al...↗2013

▶

💬Community

Bugzilla

CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)↗2013-02-03

▶

Bugzilla

CVE-2013-1481 Oracle JDK: unspecified vulnerability fixed in 6u39 (Sound)↗2013-02-03

▶

Bugzilla

CVE-2012-3213 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Scripting)↗2013-02-03

▶

Bugzilla

CVE-2013-0430 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Install)↗2013-02-01

▶

Bugzilla

CVE-2013-0235 CVE-2013-0236 CVE-2013-0237 wordpress various flaws [fedora-all]↗2013-01-25

▶