CVE-2008-5278

Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
wordpresswordpress
𝑥
≤ 2.6.3
wordpresswordpress
0.6.2
wordpresswordpress
0.6.2:beta_2
wordpresswordpress
0.6.2.1
wordpresswordpress
0.6.2.1:beta_2
wordpresswordpress
0.7
wordpresswordpress
0.71
wordpresswordpress
0.71-gold
wordpresswordpress
0.72
wordpresswordpress
0.72:beta1
wordpresswordpress
0.72:beta2
wordpresswordpress
0.72:rc1
wordpresswordpress
0.711
wordpresswordpress
1.0
wordpresswordpress
1.0-platinum
wordpresswordpress
1.0.1
wordpresswordpress
1.0.1-miles
wordpresswordpress
1.0.2
wordpresswordpress
1.0.2-blakey
wordpresswordpress
1.2
wordpresswordpress
1.2:beta
wordpresswordpress
1.2-delta
wordpresswordpress
1.2-mingus
wordpresswordpress
1.2.1
wordpresswordpress
1.2.2
wordpresswordpress
1.3.1
wordpresswordpress
1.4
wordpresswordpress
1.5
wordpresswordpress
1.5-strayhorn
wordpresswordpress
1.5.1
wordpresswordpress
1.5.1.1
wordpresswordpress
1.5.1.2
wordpresswordpress
1.5.1.3
wordpresswordpress
1.5.2
wordpresswordpress
1.6
wordpresswordpress
2.0
wordpresswordpress
2.0.1
wordpresswordpress
2.0.2
wordpresswordpress
2.0.3
wordpresswordpress
2.0.4
wordpresswordpress
2.0.5
wordpresswordpress
2.0.6
wordpresswordpress
2.0.7
wordpresswordpress
2.0.8
wordpresswordpress
2.0.9
wordpresswordpress
2.0.10
wordpresswordpress
2.0.10_rc1:_rc1
wordpresswordpress
2.0.10_rc2:_rc2
wordpresswordpress
2.0.11
wordpresswordpress
2.1
wordpresswordpress
2.1:alpha_3
wordpresswordpress
2.1.1
wordpresswordpress
2.1.2
wordpresswordpress
2.1.3
wordpresswordpress
2.1.3_rc1:_rc1
wordpresswordpress
2.1.3_rc2:_rc2
wordpresswordpress
2.2
wordpresswordpress
2.2.0
wordpresswordpress
2.2.1
wordpresswordpress
2.2.2
wordpresswordpress
2.2.3
wordpresswordpress
2.2_revision5002:_revision5002
wordpresswordpress
2.2_revision5003:_revision5003
wordpresswordpress
2.3
wordpresswordpress
2.3:beta3
wordpresswordpress
2.3:rc1
wordpresswordpress
2.3.1
wordpresswordpress
2.3.1:rc1
wordpresswordpress
2.3.2
wordpresswordpress
2.3.3
wordpresswordpress
2.5
wordpresswordpress
2.5.1
wordpresswordpress
2.6
wordpresswordpress
2.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wordpress
bullseye (security)
5.7.11+dfsg1-0+deb11u1
fixed
bullseye
5.7.11+dfsg1-0+deb11u1
fixed
etch
not-affected
bookworm
6.1.6+dfsg1-0+deb12u1
fixed
bookworm (security)
6.1.6+dfsg1-0+deb12u1
fixed
sid
6.6.1+dfsg1-1
fixed
trixie
6.6.1+dfsg1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wordpress
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://osvdb.org/50214
http://secunia.com/advisories/32882
http://secunia.com/advisories/32966
http://securityreason.com/securityalert/4662
http://wordpress.org/development/2008/11/wordpress-265/
http://www.securityfocus.com/archive/1/498652
http://www.securityfocus.com/bid/32476
https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html
http://osvdb.org/50214
http://secunia.com/advisories/32882
http://secunia.com/advisories/32966
http://securityreason.com/securityalert/4662
http://wordpress.org/development/2008/11/wordpress-265/
http://www.securityfocus.com/archive/1/498652
http://www.securityfocus.com/bid/32476
https://exchange.xforce.ibmcloud.com/vulnerabilities/46882
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00000.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00176.html