Candidate: CVE-2013-0237
PublicDate: 2013-07-08 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0237
 http://wordpress.org/news/2013/01/wordpress-3-5-1/
Description:
 Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode
 plupload before 1.5.5, as used in WordPress before 3.5.1 and other
 products, allows remote attackers to inject arbitrary web script or HTML
 via the id parameter.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698929
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (3.5.1+dfsg-1)
hardy_wordpress: ignored (reached end-of-life)
lucid_wordpress: ignored (reached end-of-life)
oneiric_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needed)
quantal_wordpress: ignored (reached end-of-life)
raring_wordpress: not-affected (3.5.1+dfsg-2)
saucy_wordpress: not-affected (3.5.1+dfsg-2)
trusty_wordpress: not-affected (3.5.1+dfsg-2)
trusty/esm_wordpress: DNE (trusty was not-affected [3.5.1+dfsg-2])
utopic_wordpress: not-affected (3.5.1+dfsg-2)
vivid_wordpress: not-affected (3.5.1+dfsg-2)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: not-affected (3.5.1+dfsg-2)
xenial_wordpress: not-affected (3.5.1+dfsg-2)
yakkety_wordpress: not-affected (3.5.1+dfsg-2)
zesty_wordpress: not-affected (3.5.1+dfsg-2)
devel_wordpress: not-affected (3.5.1+dfsg-2)