Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-236-1 wordpress security update
Debian DSA Debian DSA DSA-3085-1 wordpress security update
EUVD EUVD EUVD-2014-8864 Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-06T13:33:13.392Z

Reserved: 2014-11-20T00:00:00

Link: CVE-2014-9036

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2014-11-25T23:59:07.163

Modified: 2025-04-12T10:46:40.837

Link: CVE-2014-9036

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.