CVE-2015-5714
MEDIUM6.1EPSS 30.6%wordpress - security update
發布日:2016/5/22修改日:2026/5/27
描述
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
受影響套件(3)
- Debian/wordpressfrom 0, < 4.3.1+dfsg-1
- Debian/wordpressfrom 0, < 3.6.1+dfsg-1~deb6u8
- Debian/wordpressfrom 0, < 4.1+dfsg-1+deb8u5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |