CVE-2007-1622

Sažetak

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Reference

http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt
http://secunia.com/advisories/24567
http://www.debian.org/security/2007/dsa-1285
http://secunia.com/advisories/25108
http://www.securityfocus.com/bid/23027
http://www.vupen.com/english/advisories/2007/1005
http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:00

Objavljeno

23-03-2007 - 00:19