Lucene search

[email protected]CVE-2015-5622

HistoryAug 03, 2015 - 2:59 p.m.

CVE-2015-5622

2015-08-0314:59:01

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5622

cross-site scripting

xss

wordpress

remote authenticated users

arbitrary web script

html

author role

contributor role

crafted shortcode

html element

kses.php

shortcodes.php

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the Author or Contributor role to place a crafted shortcode inside an HTML element, related to wp-includes/kses.php and wp-includes/shortcodes.php.

Affected configurations

NVD

Node

wordpresswordpressRange≤4.2.2

Node

debiandebian_linuxMatch8.0

CPENameOperatorVersion
wordpress:wordpresswordpressle4.2.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	le	4.2.2

References

codex.wordpress.org/Version_4.2.3

openwall.com/lists/oss-security/2015/07/23/18

www.debian.org/security/2015/dsa-3328

www.debian.org/security/2015/dsa-3332

www.debian.org/security/2015/dsa-3383

www.securityfocus.com/bid/76011

www.securitytracker.com/id/1033037

core.trac.wordpress.org/changeset/33359

klikki.fi/adv/wordpress3.html

wordpress.org/news/2015/07/wordpress-4-2-3/

wpvulndb.com/vulnerabilities/8111

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.3%

JSON

Related for CVE-2015-5622

prion1 debian8 cvelist1 hackerone1 nvd1 debiancve1 ubuntucve1 freebsd1 nessus8 wpvulndb1 openvas10 wpexploit1 mageia1 securityvulns4 osv5 fedora2