Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2008-5278HistoryNov 28, 2008 - 7:30 p.m.
CVE-2008-5278
2008-11-2819:30:00
Debian Security Bug Tracker
security-tracker.debian.org
7
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.512 Medium
EPSS
Percentile
97.6%
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | wordpress | < 2.5.1-11 | wordpress_2.5.1-11_all.deb |
| Debian | 11 | all | wordpress | < 2.5.1-11 | wordpress_2.5.1-11_all.deb |
| Debian | 999 | all | wordpress | < 2.5.1-11 | wordpress_2.5.1-11_all.deb |
| Debian | 13 | all | wordpress | < 2.5.1-11 | wordpress_2.5.1-11_all.deb |
Related
cve
cve
CVE-2008-5278
2008-11-28 19:30:00
freebsd
freebsd
wordpress -- header rss feed script insertion vulnerability
2008-11-26 00:00:00
nessus
nessus
Fedora 9 : wordpress-2.6.5-2.fc9 (2008-10483)
2008-12-03 00:00:00
Fedora 8 : wordpress-2.6.5-2.fc8 (2008-10468)
2008-12-03 00:00:00
Fedora 10 : wordpress-2.6.5-2.fc10 (2008-10482)
2009-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-1.fc10
2008-12-21 08:21:29
[SECURITY] Fedora 9 Update: wordpress-2.6.5-2.fc9
2008-12-03 01:09:47
[SECURITY] Fedora 10 Update: wordpress-2.6.5-2.fc10
2008-12-03 01:20:59
openvas
openvas
Fedora Update for wordpress FEDORA-2008-10482
2009-02-16 00:00:00
FreeBSD Ports: wordpress, de-wordpress, wordpress-mu
2008-12-03 00:00:00
Fedora Update for wordpress FEDORA-2008-10483
2009-02-16 00:00:00
cvelist
cvelist
CVE-2008-5278
2008-11-28 19:00:00
prion
prion
Cross site scripting
2008-11-28 19:30:00
nvd
nvd
CVE-2008-5278
2008-11-28 19:30:00
checkpoint_advisories
checkpoint_advisories
WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting (CVE-2008-5278)
2009-09-30 00:00:00
Update Protection against WordPress Host Header XSS Vulnerability
2008-12-05 00:00:00
patchstack
patchstack
WordPress RSS Feed Generator Plugin <= 2.6.4 - XSS
2008-11-28 00:00:00
ubuntucve
ubuntucve
CVE-2008-5278
2008-11-28 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.512 Medium
EPSS
Percentile
97.6%
Related for DEBIANCVE:CVE-2008-5278