Candidate: CVE-2013-2201
PublicDate: 2013-07-08 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2201
 http://codex.wordpress.org/Version_3.5.2
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in WordPress before
 3.5.2 allow remote attackers to inject arbitrary web script or HTML via
 vectors involving (1) uploads of media files, (2) editing of media files,
 (3) installation of plugins, (4) updates to plugins, (5) installation of
 themes, or (6) updates to themes.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713947
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (3.5.2+dfsg-1)
lucid_wordpress: ignored (reached end-of-life)
precise_wordpress: ignored (reached end-of-life)
precise/esm_wordpress: DNE (precise was needs-triage)
quantal_wordpress: ignored (reached end-of-life)
raring_wordpress: ignored (reached end-of-life)
saucy_wordpress: not-affected (3.5.2+dfsg-1)
trusty_wordpress: not-affected (3.5.2+dfsg-1)
trusty/esm_wordpress: DNE (trusty was not-affected [3.5.2+dfsg-1])
utopic_wordpress: not-affected (3.5.2+dfsg-1)
vivid_wordpress: not-affected (3.5.2+dfsg-1)
vivid/stable-phone-overlay_wordpress: DNE
vivid/ubuntu-core_wordpress: DNE
wily_wordpress: not-affected (3.5.2+dfsg-1)
xenial_wordpress: not-affected (3.5.2+dfsg-1)
yakkety_wordpress: not-affected (3.5.2+dfsg-1)
zesty_wordpress: not-affected (3.5.2+dfsg-1)
devel_wordpress: not-affected (3.5.2+dfsg-1)