CVE-2015-5714 Information
Share on:Description
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.debian.org/security/2015/dsa-3375 http://www.debian.org/security/2015/dsa-3383 http://www.securityfocus.com/bid/76745 http://www.securitytracker.com/id/1033979 https://codex.wordpress.org/Version_4.3.1 https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8 https://security-tracker.debian.org/tracker/CVE-2015-5714 https://wordpress.org/news/2015/09/wordpress-4-3-1/ https://wpvulndb.com/vulnerabilities/8186
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1