Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Max CVSS
4.3
EPSS Score
51.22%
Published
2008-11-28
Updated
2017-08-08
1 vulnerabilities found