CVE-2015-3440

Currently unrated

Key Information:

Vendor: Wordpress
Status: Debian Linux
Vendor: CVE Published:; 3 August 2015

Summary

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.

References

https://www.exploit-db.com/exploits/36844/

exploitx_refsource_EXPLOIT-DB

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

http://codex.wordpress.org/Version_4.2.1

x_refsource_CONFIRM

EPSS Score

64% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 3, 2015
Vulnerability Reserved
Apr 28, 2015