CVE-2011-0700
Published: 14 March 2011
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (1) the Quick/Bulk Edit title (aka post title or post_title), (2) post_status, (3) comment_status, (4) ping_status, and (5) escaping of tags within the tags meta box.
Priority
Status
Package | Release | Status |
---|---|---|
wordpress Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
lucid |
Ignored
(end of life)
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
oneiric |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
precise |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
quantal |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
raring |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
saucy |
Not vulnerable
(3.0.5+dfsg-1ubuntu1)
|
|
upstream |
Released
(3.0.5)
|