Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-5738HistorySep 12, 2013 - 1:30 p.m.
CVE-2013-5738
2013-09-1213:30:00
Debian Security Bug Tracker
security-tracker.debian.org
13
0.002 Low
EPSS
Percentile
61.5%
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | wordpress | < 3.6.1+dfsg-1 | wordpress_3.6.1+dfsg-1_all.deb |
| Debian | 11 | all | wordpress | < 3.6.1+dfsg-1 | wordpress_3.6.1+dfsg-1_all.deb |
| Debian | 10 | all | wordpress | < 3.6.1+dfsg-1 | wordpress_3.6.1+dfsg-1_all.deb |
| Debian | 999 | all | wordpress | < 3.6.1+dfsg-1 | wordpress_3.6.1+dfsg-1_all.deb |
| Debian | 13 | all | wordpress | < 3.6.1+dfsg-1 | wordpress_3.6.1+dfsg-1_all.deb |
Related
ubuntucve
ubuntucve
CVE-2013-5738
2013-09-12 00:00:00
seebug
seebug
WordPress get_allowed_mime_types函数(wp-includes/functions.php)存在跨站脚本漏洞
2013-09-16 00:00:00
patchstack
patchstack
WordPress <= 3.6.0 - Cross Site Scripting #2
2013-09-11 00:00:00
cvelist
cvelist
CVE-2013-5738
2013-09-12 10:00:00
prion
prion
Cross site scripting
2013-09-12 13:30:00
cve
cve
CVE-2013-5738
2013-09-12 13:30:00
wpvulndb
wpvulndb
WordPress 3.6 - HTML File Upload Cross-Site Scripting (XSS)
2014-08-01 00:00:00
debian
debian
[SECURITY] [DSA 2757-1] wordpress security update
2013-09-14 09:15:12
securityvulns
securityvulns
[ MDVSA-2013:239 ] wordpress
2013-10-02 00:00:00
nessus
nessus
WordPress < 3.6.1 Multiple Vulnerabilities
2013-09-19 00:00:00
Debian DSA-2757-1 : wordpress - several vulnerabilities
2013-09-15 00:00:00
Mandriva Linux Security Advisory : wordpress (MDVSA-2013:239)
2013-09-20 00:00:00
openvas
openvas
Debian Security Advisory DSA 2757-1 (wordpress - several vulnerabilities)
2013-09-14 00:00:00
Debian: Security Advisory (DSA-2757-1)
2013-09-13 00:00:00
Mageia: Security Advisory (MGASA-2013-0285)
2022-01-28 00:00:00
freebsd
freebsd
wordpress -- multiple vulnerabilities
2013-09-11 00:00:00
osv
osv
wordpress - several
2013-09-14 00:00:00
mageia
mageia
Updated wordpress and php-phpmailer packages fix security vulnerabilities
2013-09-19 13:45:04