Lucene search

[email protected]CVE-2007-4153

HistoryAug 03, 2007 - 8:17 p.m.

CVE-2007-4153

2007-08-0320:17:00

[email protected]

web.nvd.nist.gov

wordpress

xss

vulnerability

security

admin panel

nvd

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

Affected configurations

NVD

Node

wordpresswordpressMatch2.2.1

CPENameOperatorVersion
wordpress:wordpresswordpresseq2.2.1

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	eq	2.2.1

References

codex.wordpress.org/Roles_and_Capabilities

mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

osvdb.org/46994

osvdb.org/46995

secunia.com/advisories/30013

www.debian.org/security/2008/dsa-1564

exchange.xforce.ibmcloud.com/vulnerabilities/35720

exchange.xforce.ibmcloud.com/vulnerabilities/35722

2.1 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.2%

JSON

Related for CVE-2007-4153

patchstack1 prion1 cvelist1 debiancve1 ubuntucve1 nvd1 openvas2 debian1 nessus1 osv1