Lucene search

PRIOn knowledge basePRION:CVE-2015-5732

HistoryNov 09, 2015 - 11:59 a.m.

Cross site scripting

2015-11-0911:59:00

PRIOn knowledge base

www.prio-n.com

5.9 Medium

AI Score

Confidence

High

0.013 Low

EPSS

Percentile

86.1%

JSON

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.

CPENameOperatorVersion
wordpressle4.2.3

CPE	Name	Operator	Version
	wordpress	le	4.2.3

References

openwall.com/lists/oss-security/2015/08/04/7

www.debian.org/security/2015/dsa-3332

www.debian.org/security/2015/dsa-3383

www.securityfocus.com/bid/76160

www.securitytracker.com/id/1033178

codex.wordpress.org/Version_4.2.4

core.trac.wordpress.org/changeset/33529

wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/

wpvulndb.com/vulnerabilities/8131