Cross-site Scripting (XSS) Affecting wordpress package, versions <2.1.3-1
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-WORDPRESS-363357
- published 28 Mar 2007
- disclosed 28 Mar 2007
Introduced: 28 Mar 2007
CVE-2007-1732 Open this link in a new tabHow to fix?
Upgrade Debian:unstable wordpress to version 2.1.3-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream wordpress package and not the wordpress package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor
References
- https://security-tracker.debian.org/tracker/CVE-2007-1732
- http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
- http://marc.info/?l=bugtraq&m=117319839710382&w=2
- http://codex.wordpress.org/Roles_and_Capabilities
- http://osvdb.org/33884
- http://secunia.com/advisories/24430
- http://secunia.com/advisories/24566