FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- header rss feed script insertion vulnerability

Affected packages
de-wordpress < 2.6.5
wordpress < 2.6.5
wordpress-mu < 2.6.5
0 < zh-wordpress

Details

VuXML ID 622bc638-be27-11dd-a578-0030843d3802
Discovery 2008-11-26
Entry 2008-11-29
Modified 2010-05-02

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.

References

CVE Name CVE-2008-5278
URL http://secunia.com/advisories/32882/
URL http://wordpress.org/development/2008/11/wordpress-265/