Lucene search
PRIOn knowledge basePRION:CVE-2008-5278HistoryNov 28, 2008 - 7:30 p.m.
Cross site scripting
2008-11-2819:30:00
PRIOn knowledge base
www.prio-n.com
2
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
References
osvdb.org/50214
secunia.com/advisories/32882
secunia.com/advisories/32966
securityreason.com/securityalert/4662
wordpress.org/development/2008/11/wordpress-265/
www.securityfocus.com/archive/1/498652
www.securityfocus.com/bid/32476
exchange.xforce.ibmcloud.com/vulnerabilities/46882
www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
Related
cve
cve
CVE-2008-5278
2008-11-28 19:30:00
freebsd
freebsd
wordpress -- header rss feed script insertion vulnerability
2008-11-26 00:00:00
nessus
nessus
Fedora 9 : wordpress-2.6.5-2.fc9 (2008-10483)
2008-12-03 00:00:00
Fedora 8 : wordpress-2.6.5-2.fc8 (2008-10468)
2008-12-03 00:00:00
Fedora 10 : wordpress-2.6.5-2.fc10 (2008-10482)
2009-04-23 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-1.fc10
2008-12-21 08:21:29
[SECURITY] Fedora 9 Update: wordpress-2.6.5-2.fc9
2008-12-03 01:09:47
[SECURITY] Fedora 10 Update: wordpress-2.6.5-2.fc10
2008-12-03 01:20:59
openvas
openvas
Fedora Update for wordpress FEDORA-2008-10482
2009-02-16 00:00:00
FreeBSD Ports: wordpress, de-wordpress, wordpress-mu
2008-12-03 00:00:00
Fedora Update for wordpress FEDORA-2008-10483
2009-02-16 00:00:00
cvelist
cvelist
CVE-2008-5278
2008-11-28 19:00:00
nvd
nvd
CVE-2008-5278
2008-11-28 19:30:00
checkpoint_advisories
checkpoint_advisories
WordPress RSS feed Generator self_link HTTP_HOST Cross-Site Scripting (CVE-2008-5278)
2009-09-30 00:00:00
Update Protection against WordPress Host Header XSS Vulnerability
2008-12-05 00:00:00
patchstack
patchstack
WordPress RSS Feed Generator Plugin <= 2.6.4 - XSS
2008-11-28 00:00:00
ubuntucve
ubuntucve
CVE-2008-5278
2008-11-28 00:00:00
debiancve
debiancve
CVE-2008-5278
2008-11-28 19:30:00