admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#3021

Browse Source 
Auto-merge PR#3021
This commit is contained in:
CVE Team 2020-01-08 21:25:17 -05:00 committed by GitHub
commit 7eacdc1650
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 95 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
2019/16xxx/CVE-2019-16788.json Normal file
View File

@ -0,0 +1,95 @@
{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2019-16788",
"STATE": "PUBLIC",
"TITLE": "Stored cross-site scripting (XSS) in WordPress through 'wp_targeted_link_rel'"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WordPress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "< 3.5.1",
"version_value": "3.5.1"
}
]
}
}
]
},
"vendor_name": "WordPress"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress versions from 3.7 to 5.3.0, authenticated users who do not have the rights to publish a post are able to mark posts as sticky or unsticky via the REST API. For example, the contributor role does not have such rights, but this allowed them to bypass that.\n\nThis has been patched in WordPress 5.3.1, along with all the previous WordPress versions from 3.7 to 5.3 via a minor release. Automatic updates are enabled by default for minor releases and we strongly recommend that you keep them enabled."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw"
},
{
"name": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/",
"refsource": "MISC",
"url": "https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/"
},
{
"name": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9",
"refsource": "MISC",
"url": "https://github.com/WordPress/wordpress-develop/commit/1d1d5be7aa94608c04516cac4238e8c22b93c1d9"
}
]
},
"source": {
"advisory": "GHSA-g7rg-hchx-c2gw",
"discovery": "UNKNOWN"
}
}