CVE-2013-2201Cross-site Scripting in Wordpress

CWE-79Cross-site Scripting7 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.7%
top 26.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WordpressDebian Wordpress
Timeline
PublishedJul 8
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/wordpress< wordpress 3.5.2+dfsg-1 (bookworm)
Debianwordpress/wordpress< 3.5.2+dfsg-1+3
NVDwordpress/wordpress3.5.1+74

🔴Vulnerability Details

2
GHSA
GHSA-8rr8-9498-4v45: Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 32022-05-17
OSV
CVE-2013-2201: Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 32013-07-08

📋Vendor Advisories

1
Debian
CVE-2013-2201: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 al...2013

💬Community

3
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [epel-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version [fedora-all]2013-06-22
Bugzilla
CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version2013-06-21
CVE-2013-2201 — Cross-site Scripting in Wordpress | cvebase