Vulnerability Description
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Wordpress | <= 2.6.3 |
Related Weaknesses (CWE)
References
- http://osvdb.org/50214
- http://secunia.com/advisories/32882
- http://secunia.com/advisories/32966
- http://securityreason.com/securityalert/4662
- http://wordpress.org/development/2008/11/wordpress-265/PatchVendor Advisory
- http://www.securityfocus.com/archive/1/498652Exploit
- http://www.securityfocus.com/bid/32476
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.h
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.h
- http://osvdb.org/50214
- http://secunia.com/advisories/32882
- http://secunia.com/advisories/32966
- http://securityreason.com/securityalert/4662
- http://wordpress.org/development/2008/11/wordpress-265/PatchVendor Advisory
FAQ
What is CVE-2008-5278?
CVE-2008-5278 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script...
How severe is CVE-2008-5278?
CVE-2008-5278 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5278?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Wordpress.