Launchpad CVE tracker

CVE 2013-0236

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

Related bugs and status

CVE-2013-0236 (Candidate) is related to these bugs:

Bug #1221040: Sync wordpress 3.6.1 (universe) from Debian stable-security

		In	Importance	Status
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu)	High	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Precise)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Quantal)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Raring)	High	Won't Fix
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Debian)	Unknown	Fix Released
1221040	Sync wordpress 3.6.1 (universe) from Debian stable-security	wordpress (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-0236

References