Lucene search

K
ubuntucveUbuntu.comUB:CVE-2014-5240
HistoryAug 18, 2014 - 12:00 a.m.

CVE-2014-5240

2014-08-1800:00:00
ubuntu.com
ubuntu.com
13

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.4%

Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in
WordPress before 3.9.2, when Multisite is enabled, allows remote
authenticated administrators to inject arbitrary web script or HTML, and
obtain Super Admin privileges, via a crafted avatar URL.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchwordpress< 3.8.2+dfsg-1ubuntu0.1UNKNOWN

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

36.4%