Candidate: CVE-2008-5278
PublicDate: 2008-11-28 19:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5278
Description:
 Cross-site scripting (XSS) vulnerability in the self_link function in in
 the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5
 allows remote attackers to inject arbitrary web script or HTML via the Host
 header (HTTP_HOST variable).
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507193
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (2.5.1-11)
dapper_wordpress: ignored (reached end-of-life)
gutsy_wordpress: needed (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: not-affected (2.5.1-11ubuntu1)
karmic_wordpress: not-affected (2.5.1-11ubuntu1)
lucid_wordpress: not-affected (2.5.1-11ubuntu1)
maverick_wordpress: not-affected (2.5.1-11ubuntu1)
natty_wordpress: not-affected (2.5.1-11ubuntu1)
oneiric_wordpress: not-affected (2.5.1-11ubuntu1)
devel_wordpress: not-affected (2.5.1-11ubuntu1)