CVE-2008-0193

2008-01-1000:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0193

cross-site scripting

xss vulnerability

wordpress

wp-db-backup.php

nvd

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.007 Low

EPSS

Percentile

80.8%

JSON

Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.

CPENameOperatorVersion
wordpress:wordpresswordpresseq2.1.1
wordpress:wordpresswordpresseq2.1.3_rc2
wordpress:wordpresswordpresseq2.2.3
wordpress:wordpresswordpresseq2.1
wordpress:wordpresswordpresseq2.2_revision5003
wordpress:wordpresswordpresseq2.2
wordpress:wordpresswordpresseq2.1.3
wordpress:wordpresswordpresseq2.2.0
wordpress:wordpresswordpresseq2.1.2
wordpress:wordpresswordpresseq2.2.2

CPE	Name	Operator	Version
wordpress:wordpress	wordpress	eq	2.1.1
wordpress:wordpress	wordpress	eq	2.1.3_rc2
wordpress:wordpress	wordpress	eq	2.2.3
wordpress:wordpress	wordpress	eq	2.1
wordpress:wordpress	wordpress	eq	2.2_revision5003
wordpress:wordpress	wordpress	eq	2.2
wordpress:wordpress	wordpress	eq	2.1.3
wordpress:wordpress	wordpress	eq	2.2.0
wordpress:wordpress	wordpress	eq	2.1.2
wordpress:wordpress	wordpress	eq	2.2.2