Lucene search
Veracode Vulnerability DatabaseVERACODE:21506HistorySep 12, 2019 - 11:36 p.m.
Cross-site Scripting (XSS)
2019-09-1223:36:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.011 Low
EPSS
Percentile
84.2%
wordpress is vulnerable to cross-site scripting (XSS). The attack is due to lack of sanitization of the output in wp_ajax_upload_attachment(), allowing an attacker to inject arbitrary script through it.
References
core.trac.wordpress.org/changeset/45936
github.com/WordPress/WordPress/commit/4315d85d6576959f58a6a072249ed319bbea295d
lists.debian.org/debian-lts-announce/2019/10/msg00023.html
seclists.org/bugtraq/2020/Jan/8
wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
www.debian.org/security/2020/dsa-4599
www.debian.org/security/2020/dsa-4677
Related
ubuntucve
ubuntucve
CVE-2019-16217
2019-09-11 00:00:00
nvd
nvd
CVE-2019-16217
2019-09-11 14:15:11
prion
prion
Cross site scripting
2019-09-11 14:15:00
debiancve
debiancve
CVE-2019-16217
2019-09-11 14:15:11
cve
cve
CVE-2019-16217
2019-09-11 14:15:11
osv
osv
CVE-2019-16217
2019-09-11 14:15:11
wordpress - security update
2019-10-16 00:00:00
wordpress - security update
2020-01-08 00:00:00
cvelist
cvelist
CVE-2019-16217
2019-09-11 13:07:40
nessus
nessus
Debian DLA-1960-1 : wordpress security update
2019-10-18 00:00:00
Debian DSA-4599-1 : wordpress - security update
2020-01-09 00:00:00
debian
debian
[SECURITY] [DLA 1960-1] wordpress security update
2019-10-17 20:21:46
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
[SECURITY] [DSA 4599-1] wordpress security update
2020-01-08 05:47:13
openvas
openvas
WordPress Multiple Vulnerabilities (Sep 2019) - Linux
2019-09-09 00:00:00
WordPress Multiple Vulnerabilities (Sep 2019) - Windows
2019-09-09 00:00:00
Debian: Security Advisory (DLA-1960-1)
2019-10-18 00:00:00