CVE-2016-6634

Loading...

General

Score:4.3/10.0
Severity:Low
Category:XSS Injection
Exploit:Available

Impact Metrics

Confidentiality:None
Integrity:Partial
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2015-8834, CVE-2016-4029, CVE-2016-5836, CVE-2016-6635, CVE-2016-7168, CVE-2016-7169

Published on 07/08/16 - Updated on 04/11/17

Description

Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Category: XSS Injection

CWE-79 (Cross-Site Scripting (XSS))
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Security Notices

US National Vulnerability DatabaseCVE-2016-6634
Debian DSA-3681-1
Debian LTSDLA-633-1

Exploits

SecurityFocusBID-92390

Relative technologies

VendorProduct
wordpresswordpress

Share this vulnerability with:

Twitter Facebook LinkedIn Mail