Base Score

MEDIUM5.4

CVE-2019-16223

WordPress before 5.2.3 allows XSS in post previews by authenticated users.

VectorNETWORK

Published Bycve@mitre.org

Published DateSep 11, 2019, 14:15

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

http://packetstormsecurity.com/files/160745/WordPress-Core-5.2.2-Cross-Site-Scripting.html
https://lists.debian.org/debian-lts-announce/2019/10/msg00023.html
https://seclists.org/bugtraq/2020/Jan/8
https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
https://wpvulndb.com/vulnerabilities/9862
https://www.debian.org/security/2020/dsa-4599
https://www.debian.org/security/2020/dsa-4677

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE