Back to search
CVE-2011-0700
Published: Mar 14, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2011-3746
vendor-advisory
x_refsource_FEDORA
http://codex.wordpress.org/Version_3.0.5
x_refsource_CONFIRM
ADV-2011-0658
vdb-entry
x_refsource_VUPEN
43729
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-3408
vendor-advisory
x_refsource_FEDORA
46249
vdb-entry
x_refsource_BID
http://core.trac.wordpress.org/changeset/17412
x_refsource_CONFIRM
http://core.trac.wordpress.org/changeset/17401
x_refsource_CONFIRM
http://www.wordpress.org/news/2011/02/wordpress-3-0-5/
x_refsource_CONFIRM
[oss-security] 20110209 Re: CVE request: wordpress before 3.0.5
mailing-list
x_refsource_MLIST
FEDORA-2011-3738
vendor-advisory
x_refsource_FEDORA
[oss-security] 20110209 CVE request: wordpress before 3.0.5
mailing-list
x_refsource_MLIST
ADV-2011-0721
vdb-entry
x_refsource_VUPEN
http://core.trac.wordpress.org/changeset/17406
x_refsource_CONFIRM
DSA-2190
vendor-advisory
x_refsource_DEBIAN
http://core.trac.wordpress.org/changeset/17397
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now