CVE-2020-28038 — Cross-site Scripting in Wordpress

CWE-79 — Cross-site Scripting10 documents5 sources

Severity

6.1MEDIUMNVD

OSV4.4

EPSS

16.0%

top 5.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Linux Kernel Debian Wordpress +2 more

Timeline

PublishedNov 2

Latest updateMay 24

Description

WordPress before 5.5.2 allows stored XSS via post slugs.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶debiandebian/wordpress< wordpress 5.5.3+dfsg1-1 (bookworm)

▶NVDwordpress/wordpress< 5.5.2

▶Debianwordpress/wordpress< 5.5.3+dfsg1-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-73.82

Also affects: Debian Linux 10.0, 9.0, Fedora 31, 32, 33

🔴Vulnerability Details

GHSA

GHSA-mwxx-w555-5h5m: WordPress before 5↗2022-05-24

▶

OSV

linux-raspi, linux-raspi-5.4 vulnerabilities↗2021-05-19

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-kvm, linux-oracle, linux-oracle-5.↗2021-05-11

▶

OSV

linux-oem-5.10 vulnerabilities↗2021-04-13

▶

OSV

CVE-2020-28038: WordPress before 5↗2020-11-02

▶

📋Vendor Advisories

Debian

CVE-2020-28038: wordpress - WordPress before 5.5.2 allows stored XSS via post slugs.↗2020

▶

💬Community

Bugzilla

CVE-2020-28038 wordpress: stored XSS in post slugs [fedora-all]↗2020-11-05

▶

Bugzilla

CVE-2020-28038 wordpress: stored XSS in post slugs [epel-all]↗2020-11-05

▶

Bugzilla

CVE-2020-28038 wordpress: stored XSS in post slugs↗2020-11-05

▶