Lucene search

[email protected]CVE-2007-4166

HistoryAug 07, 2007 - 10:17 a.m.

CVE-2007-4166

2007-08-0710:17:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-4166

cross-site scripting

xss

vulnerability

wordpress

unnamed theme

remote attacks

html

script injection

5.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.

CPENameOperatorVersion
wordpress:unamed_themewordpress unamed themeeq1.217
wordpress:unamed_theme_sewordpress unamed theme seeq1.02

CPE	Name	Operator	Version
wordpress:unamed_theme	wordpress unamed theme	eq	1.217
wordpress:unamed_theme_se	wordpress unamed theme se	eq	1.02

References

osvdb.org/36604

secunia.com/advisories/26321

www.securityfocus.com/bid/25215

xuyiyang.com/2007/06/29/unnamed-1-217/

exchange.xforce.ibmcloud.com/vulnerabilities/35821

5.9 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

71.8%

JSON

Related for CVE-2007-4166

prion4 ubuntucve1 cve3 debiancve1 patchstack2