CVE-2015-5732

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:33

Type Values Removed Values Added
References () http://openwall.com/lists/oss-security/2015/08/04/7 - () http://openwall.com/lists/oss-security/2015/08/04/7 -
References () http://www.debian.org/security/2015/dsa-3332 - () http://www.debian.org/security/2015/dsa-3332 -
References () http://www.debian.org/security/2015/dsa-3383 - () http://www.debian.org/security/2015/dsa-3383 -
References () http://www.securityfocus.com/bid/76160 - () http://www.securityfocus.com/bid/76160 -
References () http://www.securitytracker.com/id/1033178 - () http://www.securitytracker.com/id/1033178 -
References () https://codex.wordpress.org/Version_4.2.4 - Patch, Vendor Advisory () https://codex.wordpress.org/Version_4.2.4 - Patch, Vendor Advisory
References () https://core.trac.wordpress.org/changeset/33529 - () https://core.trac.wordpress.org/changeset/33529 -
References () https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ - Patch, Vendor Advisory () https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ - Patch, Vendor Advisory
References () https://wpvulndb.com/vulnerabilities/8131 - () https://wpvulndb.com/vulnerabilities/8131 -

Information

Published : 2015-11-09 11:59

Updated : 2024-11-21 02:33


NVD link : CVE-2015-5732

Mitre link : CVE-2015-5732

CVE.ORG link : CVE-2015-5732


JSON object : View

Products Affected

wordpress

  • wordpress
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')