[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

254202

 
 

909

 
 

198060

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2007-4153Date: (C)2007-08-03   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-30013
OSVDB-46994
OSVDB-46995
DSA-1564
http://codex.wordpress.org/Roles_and_Capabilities
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/
wordpress-linkimport-xss(35720)
wordpress-options-xss(35722)

CPE    1
cpe:/a:wordpress:wordpress:2.2.1
OVAL    1
oval:org.mitre.oval:def:7845

© SecPod Technologies