CVE-2006-6808

2006-12-28T21:28:00
ID CVE-2006-6808
Type cve
Reporter cve@mitre.org
Modified 2017-07-29T01:29:00

Description

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php. This vulnerability is addressed in the following product release: WordPress, WordPress, 2.0.6