Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-5240HistoryAug 18, 2014 - 11:15 a.m.
CVE-2014-5240
2014-08-1811:15:27
Debian Security Bug Tracker
security-tracker.debian.org
14
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
36.5%
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | wordpress | < 3.9.2+dfsg-1 | wordpress_3.9.2+dfsg-1_all.deb |
| Debian | 11 | all | wordpress | < 3.9.2+dfsg-1 | wordpress_3.9.2+dfsg-1_all.deb |
| Debian | 10 | all | wordpress | < 3.9.2+dfsg-1 | wordpress_3.9.2+dfsg-1_all.deb |
| Debian | 999 | all | wordpress | < 3.9.2+dfsg-1 | wordpress_3.9.2+dfsg-1_all.deb |
| Debian | 13 | all | wordpress | < 3.9.2+dfsg-1 | wordpress_3.9.2+dfsg-1_all.deb |
Related
patchstack
patchstack
WordPress <= 3.9.1 - XSS
2014-08-14 00:00:00
prion
prion
Cross site scripting
2014-08-18 11:15:00
cve
cve
CVE-2014-5240
2014-08-18 11:15:27
ubuntucve
ubuntucve
CVE-2014-5240
2014-08-18 00:00:00
nvd
nvd
CVE-2014-5240
2014-08-18 11:15:27
wpvulndb
wpvulndb
WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
2014-09-16 18:15:20
cvelist
cvelist
CVE-2014-5240
2014-08-18 10:00:00
osv
osv
wordpress - security update
2014-08-09 00:00:00
wordpress - security update
2014-09-17 00:00:00
nessus
nessus
Fedora 20 : wordpress-3.9.2-3.fc20 (2014-9264)
2014-08-22 00:00:00
Debian DSA-3001-1 : wordpress - security update
2014-08-10 00:00:00
Debian DLA-56-1 : wordpress security update
2015-03-26 00:00:00
openvas
openvas
Debian Security Advisory DSA 3001-1 (wordpress - security update)
2014-08-09 00:00:00
Debian: Security Advisory (DLA-56-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3001-1)
2014-08-08 00:00:00
debian
debian
[SECURITY] [DLA 56-1] wordpress security update
2014-09-17 12:05:09
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
36.5%
Related for DEBIANCVE:CVE-2014-5240