|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-05 | |
| Rule Name: | WordPress RSS Feed Generator Cross Site Scripting attack Vulnerability (CVE-2008-5278) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable). | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:32476 http://securityreason.com/securityalert/4662 http://wordpress.org/development/2008/11/wordpress-265/ http://www.securityfocus.com/archive/1/498652 |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://www.securityfocus.com/bid/32476/solution |