|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-06-25 | |
| Rule Name: | WordPress KSES Bypass Cross Site Scripting (XSS) Vulnerability (CVE-2015-5714) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:76745 http://www.debian.org/security/2015/dsa-3375 http://www.debian.org/security/2015/dsa-3383 SecurityTrackerID:1033979 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://wordpress.org/news/2015/09/wordpress-4-3-1/ |