| Vulnerability Name: | CVE-2015-3440 (CCN-105363) |
| Assigned: | 2015-04-26 |
| Published: | 2015-04-26 |
| Updated: | 2016-12-06 |
| Summary: | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. |
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) |
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)<br>3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)<br>3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C) |
| Vulnerability Type: | CWE-79 |
| Vulnerability Consequences: | Cross-Site Scripting |
| References: | Source: CONFIRM Type: UNKNOWN http://codex.wordpress.org/Version_4.2.1<br>Source: MITRE Type: CNA CVE-2015-3440<br>Source: FEDORA Type: UNKNOWN FEDORA-2015-6778<br>Source: FEDORA Type: UNKNOWN FEDORA-2015-6808<br>Source: FEDORA Type: UNKNOWN FEDORA-2015-6790<br>Source: OSVDB Type: UNKNOWN 121320<br>Source: MISC Type: Exploit http://packetstormsecurity.com/files/131644/WordPress-4.2-Cross-Site-Scripting.html<br>Source: CCN Type: Full Disclosure Mailing List, Sun, 26 Apr 2015 23:13:31 +0300 WordPress 4.2 stored XSS<br>Source: FULLDISC Type: Exploit 20150426 WordPress 4.2 stored XSS<br>Source: DEBIAN Type: UNKNOWN DSA-3250<br>Source: BID Type: UNKNOWN 74334<br>Source: CCN Type: BID-74334 WordPress Comment Section HTML Injection Vulnerability<br>Source: SECTRACK Type: UNKNOWN 1032199<br>Source: CONFIRM Type: UNKNOWN https://core.trac.wordpress.org/changeset/32299<br>Source: XF Type: UNKNOWN wordpress-cve20153440-xss(105363)<br>Source: MISC Type: Exploit https://klikki.fi/adv/wordpress2.html<br>Source: CCN Type: WordPress Web site WordPress Blog Tool, Publishing Platform, and CMS<br>Source: CONFIRM Type: Patch, Vendor Advisory https://wordpress.org/news/2015/04/wordpress-4-2-1/<br>Source: MISC Type: UNKNOWN https://wpvulndb.com/vulnerabilities/7945<br>Source: EXPLOIT-DB Type: Exploit 36844<br>Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-3440 |
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable |