Back to search
CVE-2009-3891
Published: Nov 17, 2009
Modified: Sep 16, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
37332
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20091116 Re: CVE request: Wordpress 2.8.6
mailing-list
x_refsource_MLIST
http://wordpress.org/development/2009/11/wordpress-2-8-6-security-release/
x_refsource_CONFIRM
59959
vdb-entry
x_refsource_OSVDB
[oss-security] 20091115 Re: CVE request: Wordpress 2.8.6
mailing-list
x_refsource_MLIST
http://core.trac.wordpress.org/ticket/11119
x_refsource_CONFIRM
[oss-security] 20091115 CVE request: Wordpress 2.8.6
mailing-list
x_refsource_MLIST
http://core.trac.wordpress.org/attachment/ticket/11119/press-this.002.diff
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now