Lucene search

MitreCVE-2015-5732

HistoryNov 09, 2015 - 11:59 a.m.

CVE-2015-5732

2015-11-0911:59:04

CWE-79

mitre

web.nvd.nist.gov

cve-2015-5732

cross-site scripting

xss

vulnerability

wp_nav_menu_widget

wordpress

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.013

Percentile

86.1%

JSON

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.

Affected configurations

Nvd

Node

wordpresswordpressRange≤4.2.3

VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::

References

openwall.com/lists/oss-security/2015/08/04/7

www.debian.org/security/2015/dsa-3332

www.debian.org/security/2015/dsa-3383

www.securityfocus.com/bid/76160

www.securitytracker.com/id/1033178

codex.wordpress.org/Version_4.2.4

core.trac.wordpress.org/changeset/33529

wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

wpvulndb.com/vulnerabilities/8131

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.013

Percentile

86.1%

JSON

Related for CVE-2015-5732