CVE-2007-4166

Sažetak

Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/36604
http://secunia.com/advisories/26321
http://www.securityfocus.com/bid/25215
http://xuyiyang.com/2007/06/29/unnamed-1-217/
https://exchange.xforce.ibmcloud.com/vulnerabilities/35821

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

29-07-2017 - 01:32

Objavljeno

07-08-2007 - 10:17