WordPress KSES Library Cross Site Scripting Vulnerability Network Vulnerability

Summary

The host is running WordPress and is prone to Cross site scripting vulnerability.

Impact

Successful exploitation will allow attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed. Impact Level: Application

Solution

Upgrade to WordPress version 3.0.4 or later For updates refer to http://wordpress.org/download/

Insight

The flaw is caused by input validation errors in the 'KSES HTML/XHTML' filter (wp-includes/kses.php) when processing user-supplied data, which could be exploited by attackers to execute arbitrary script code on the user's browser session in the security context of an affected site.

Affected

WordPress versions prior to 3.0.4

References

http://core.trac.wordpress.org/changeset/17172/branches/3.0
http://secunia.com/advisories/42755
http://wordpress.org/news/2010/12/3-0-4-update/
http://www.vupen.com/english/advisories/2010/3335

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4536
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Continuum Cross Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
3Com NBX VoIP NetSet Detection
Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities