Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
591128e4 by Salvatore Bonaccorso at 2024-05-03T22:39:10+02:00
CVE-2024-4439/wordpress assigned

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2,8 +2,6 @@ CVE-2024-4466 (SQL injection vulnerability in Gescen on the 
centrosdigitales.net
        NOT-FOR-US: Gescen
 CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync 
versions prior ...)
        NOT-FOR-US: SugarSync
-CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via 
user d ...)
-       TODO: check
 CVE-2024-4433 (Improper Neutralization of Input During Web Page Generation 
('Cross-si ...)
        NOT-FOR-US: WordPress plugin
 CVE-2024-4406 (Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting 
Remote ...)
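Review bot: Deleting the CVE-2024-4439 stub here, between CVE-2024-4461 and CVE-2024-4433, discards its parenthesised description (the text ending "via user d ...") and takes the ID out of the descending sequence the neighbouring entries follow. Consider moving the populated entry from the later hunk up to this position instead, so the ID stays where the ordering puts it and the description is kept alongside the package and NOTE lines.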
@@ -6904,10 +6902,12 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome 
prior to 124.0.6367.60 a
        - chromium 124.0.6367.60-1
        [bullseye] - chromium <end-of-life> (see #1061268)
        [buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-XXXX [Stored XSS in Avatar block]
+CVE-2024-4439 [Stored XSS in Avatar block]
        - wordpress 6.5.2+dfsg1-1 (bug #1069091)
        NOTE: 
https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
        NOTE: 
https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
+       NOTE: 
https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
+       NOTE: 
https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
 CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames 
that wo ...)
        {DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
        - firefox 125.0.1-1
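Review bot: The first added NOTE links the fix through a changeset query URL that carries empty, duplicated parameters (sfp_email=&sfph_mail=&reponame= appearing twice) and relies on the #file3 fragment to point at the relevant file, which is fragile if the file order in that view differs. Prefer the path-style form used in the second added NOTE (changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php) for changeset 57950 as well. Separately, the renamed entry still shows only the bracketed title "[Stored XSS in Avatar block]" and now sits between CVE-2024-3832 and CVE-2024-3302, out of numeric order.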



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/591128e4da25a08130801c3d7613b0d22c2adb87
