[Git][security-tracker-team/security-tracker][master] CVE-2024-4439/wordpress assigned
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri May 3 21:39:47 BST 2024
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
591128e4 by Salvatore Bonaccorso at 2024-05-03T22:39:10+02:00
CVE-2024-4439/wordpress assigned
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2,8 +2,6 @@ CVE-2024-4466 (SQL injection vulnerability in Gescen on the centrosdigitales.net
NOT-FOR-US: Gescen
CVE-2024-4461 (Unquoted path or search item vulnerability in SugarSync versions prior ...)
NOT-FOR-US: SugarSync
-CVE-2024-4439 (WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...)
- TODO: check
CVE-2024-4433 (Improper Neutralization of Input During Web Page Generation ('Cross-si ...)
NOT-FOR-US: WordPress plugin
CVE-2024-4406 (Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote ...)
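Review bot: dropping the auto-added CVE-2024-4439 stub also drops its parenthesised description "(WordPress Core is vulnerable to Stored Cross-Site Scripting via user d ...)". After this patch the id appears only with the hand-written bracketed title "[Stored XSS in Avatar block]" that the second hunk renames. Every other assigned id in the visible context uses the parenthesised form, so consider carrying the description over to the renamed entry in this commit to keep the list consistent.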
@@ -6904,10 +6902,12 @@ CVE-2024-3832 (Object corruption in V8 in Google Chrome prior to 124.0.6367.60 a
- chromium 124.0.6367.60-1
[bullseye] - chromium <end-of-life> (see #1061268)
[buster] - chromium <end-of-life> (see DSA 5046)
-CVE-2024-XXXX [Stored XSS in Avatar block]
+CVE-2024-4439 [Stored XSS in Avatar block]
- wordpress 6.5.2+dfsg1-1 (bug #1069091)
NOTE: https://wpscan.com/blog/unauthenticated-stored-xss-fixed-in-wordpress-core/
NOTE: https://wordpress.org/news/2024/04/wordpress-6-5-2-maintenance-and-security-release/
+ NOTE: https://core.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=57950%40%2F&new=57950%40%2F&sfp_email=&sfph_mail=#file3
+ NOTE: https://core.trac.wordpress.org/changeset/57951/branches/6.4/src/wp-includes/blocks/avatar.php
CVE-2024-3302 (There was no limit to the number of HTTP/2 CONTINUATION frames that wo ...)
{DSA-5670-1 DSA-5663-1 DLA-3791-1 DLA-3790-1}
- firefox 125.0.1-1
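Review bot: the first added NOTE carries a changeset URL with form residue. In it, `sfp_email=&sfph_mail=` appears twice with empty values, `reponame=` is empty, and `old=57950%40%2F` and `new=57950%40%2F` name the same revision. A plain changeset link for 57950, in the same path form as the 57951 NOTE on the next line, would be shorter and less fragile. It would also help to state in each NOTE which branch the changeset applies to, since the second one points at branches/6.4 while the fixed version recorded in this entry is 6.5.2+dfsg1-1.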
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/591128e4da25a08130801c3d7613b0d22c2adb87