Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).

- Mon Dec 1 2008 Bret McMillan <bretm at redhat.com> -     2.6.5-1

    - Update to 2.6.5

    -       http://wordpress.org/development/2008/11/wordpress-265       /

    - http://ocaoimh.ie/2008/11/25/wordpress-mu-265/

    - Fixes 1 XSS security issue, 3 bugs

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

http://wordpress.org/development/2008/11/wordpress-265/

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of WordPress installed on the remote host fails to completely sanitize input to the the 'Host' request header before using it in the 'self_link()' function in 'wp-includes/feed.php' to generate dynamic HTML output.  An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

The version of WordPress installed on the remote host fails to properly sanitize input to the 'Host' request header before using it in the 'self_link()' function in 'wp-includes/feed.php' to generate dynamic HTML output. An attacker can leverage this issue to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.

Secunia reports :

Input passed via the HTTP 'Host' header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.

ID	Name	Product	Family	Severity
37255	Fedora 10 : wordpress-mu-2.6.5-1.fc10 (2008-11104)	Nessus	Fedora Local Security Checks	medium
36853	Fedora 10 : wordpress-2.6.5-2.fc10 (2008-10482)	Nessus	Fedora Local Security Checks	medium
35013	Fedora 9 : wordpress-2.6.5-2.fc9 (2008-10483)	Nessus	Fedora Local Security Checks	medium
35012	Fedora 8 : wordpress-2.6.5-2.fc8 (2008-10468)	Nessus	Fedora Local Security Checks	medium
4775	WordPress < 2.6.5 'feed.php' XSS	Nessus Network Monitor	CGI	medium
34994	WordPress wp-includes/feed.php self_link() Function Host Header RSS Feed XSS	Nessus	CGI abuses : XSS	medium
34978	FreeBSD : wordpress -- header rss feed script insertion vulnerability (622bc638-be27-11dd-a578-0030843d3802)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2008-5278

medium

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium