CVE-2009-3891
WordPress <2.8.6 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter (aka the selection variable).
References (9)
Scores
EPSS
0.0104
EPSS Percentile
77.2%
Classification
CWE
CWE-79
Status
published
Affected Products (2)
wordpress/wordpress
< 2.8.5
n/a/n/a
Timeline
Published
Nov 17, 2009
Tracked Since
Feb 18, 2026