Your submission was sent successfully! Close

CVE-2015-8834

Published: 22 May 2016

Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440.

Priority

High

CVSS 3 base score: 6.1

Status

Package Release Status
wordpress
Launchpad, Ubuntu, Debian
Upstream
Released (4.1+dfsg-1+deb8u17)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was needed)