CVE-2010-4536
EPSS 3.9%
Description
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
How to fix CVE-2010-4536
To remediate CVE-2010-4536, upgrade the affected package to a fixed version below.
- Debian/wordpress—upgrade to 3.0.4+dfsg-1 or later
Is CVE-2010-4536 being exploited?
Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.0.4+dfsg-1