CVE-2016-7168 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Cross-site scripting |
| Description | A cross-site scripting vulnerability has been discovered via a malicious image filename, reported by SumOfPwn researcher Cengiz Han Sahin. A WordPress admin can be tricked into uploading a malicious image file requested by a user this admin trusts or a popular malicious image that was spread via social media. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-39 | wordpress | 4.6.0-1 | 4.6.1-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 30 Sep 2016 | ASA-201609-32 | AVG-39 | wordpress | High | multiple issues |
| References |
|---|
http://www.openwall.com/lists/oss-security/2016/09/08/24 |