CVE-2013-0237 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting32 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 37.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Moxiecode Plupload +1 more

Timeline

PublishedJul 8

Latest updateMay 5

Description

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDmoxiecode/plupload1.5.4+8

▶debiandebian/wordpress< wordpress 3.5.1+dfsg-1 (bookworm)

▶Debianwordpress/wordpress< 3.5.1+dfsg-1+3

▶NVDwordpress/wordpress3.5.0+73

Also affects: Fedora 16, 17, 18

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-v2m5-2mm5-8v3w: Cross-site scripting (XSS) vulnerability in Plupload↗2022-05-05

▶

OSV

CVE-2013-0237: Cross-site scripting (XSS) vulnerability in Plupload↗2013-07-08

▶

📋Vendor Advisories

Debian

CVE-2013-0237: wordpress - Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload be...↗2013

▶

💬Community

Bugzilla

CVE-2013-0409 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JMX)↗2013-02-03

▶

Bugzilla

CVE-2013-1479 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (JavaFX)↗2013-02-03

▶

Bugzilla

CVE-2013-0437 Oracle JDK: unspecified vulnerability fixed in 7u13 (2D)↗2013-02-03

▶

Bugzilla

CVE-2013-0446 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)↗2013-02-01

▶

Bugzilla

CVE-2013-0351 Oracle JDK: unspecified vulnerability fixed in 6u39 and 7u13 (Deployment)↗2013-02-01

▶