CVE-2010-4536
EPSS 3.9%Published: 1/3/2011Modified: 5/27/2026
Description
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
Affected packages (1)
- Debian/wordpressfrom 0, < 3.0.4+dfsg-1