Description

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

Remediation

References

CVE-2008-5278

Related Vulnerabilities

WordPress Plugin Google Forms Unspecified Vulnerability (0.93)

WordPress Plugin WP Job Manager Privilege Escalation (1.34.3)

WordPress Plugin Import all XML, CSV & TXT into WordPress Unspecified Vulnerability (3.7.2)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-3370)

Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34117)

Severity

Medium

Classification

CVE-2008-5278 CWE-707

Tags

Missing Update Known Vulnerabilities