Control: retitle -1 wordpress: CVE-2019-9787: Comments may create a XSS On Thu, Mar 14, 2019 at 09:20:05PM +1100, Craig Small wrote: > Source: wordpress > Version: 5.0.3+dfsg1-1 > Severity: important > Tags: security > > This release also includes a pair of security fixes that handle how > comments are filtered and then stored in the database. With a > maliciously crafted comment, a WordPress post was vulnerable to > cross-site scripting. > > WordPress versions 5.1 and earlier are affected by these bugs, which > are fixed in version 5.1.1. Updated versions of WordPress 5.0 and > earlier are also available for any users who have not yet updated to > 5.1.
CVE-2019-9787 has been assigned for this issue. Regards, Salvatore