Showing 1 - 1 of 1

CVE-2015-3438

Status Candidate

Overview

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

Related Files

Debian Security Advisory 3250-1: Posted May 4, 2015; Authored by Debian | Site debian.org; Debian Linux Security Advisory 3250-1 - Multiple security issues have been discovered in Wordpress, a weblog manager, that could allow remote attackers to upload files with invalid or unsafe names, mount social engineering attacks or compromise a site via cross-site scripting, and inject SQL commands.; tags | advisory, remote, xss; systems | linux, debian; advisories | CVE-2015-3438, CVE-2015-3439, CVE-2015-3440; SHA-256 | 8a63e1356ff37d5d6050e466480d4500d650c1dedba1a7d91b55c8ca3791bb2f; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 58 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2015-3438

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems