Lucene search
Ubuntu.comUB:CVE-2014-5240HistoryAug 18, 2014 - 12:00 a.m.
CVE-2014-5240
2014-08-1800:00:00
ubuntu.com
ubuntu.com
13
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
36.4%
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in
WordPress before 3.9.2, when Multisite is enabled, allows remote
authenticated administrators to inject arbitrary web script or HTML, and
obtain Super Admin privileges, via a crafted avatar URL.
Bugs
Related
wpvulndb
wpvulndb
WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
2014-09-16 18:15:20
cvelist
cvelist
CVE-2014-5240
2014-08-18 10:00:00
patchstack
patchstack
WordPress <= 3.9.1 - XSS
2014-08-14 00:00:00
prion
prion
Cross site scripting
2014-08-18 11:15:00
debiancve
debiancve
CVE-2014-5240
2014-08-18 11:15:27
cve
cve
CVE-2014-5240
2014-08-18 11:15:27
nvd
nvd
CVE-2014-5240
2014-08-18 11:15:27
nessus
nessus
Debian DLA-56-1 : wordpress security update
2015-03-26 00:00:00
Fedora 19 : wordpress-3.9.2-3.fc19 (2014-9270)
2014-08-23 00:00:00
Debian DSA-3001-1 : wordpress - security update
2014-08-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3001-1)
2014-08-08 00:00:00
Debian Security Advisory DSA 3001-1 (wordpress - security update)
2014-08-09 00:00:00
Debian: Security Advisory (DLA-56-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 56-1] wordpress security update
2014-09-17 12:05:46
osv
osv
wordpress - security update
2014-08-09 00:00:00
wordpress - security update
2014-09-17 00:00:00
2.1 Low
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
36.4%
Related for UB:CVE-2014-5240