cvelist | Mitre | CVELIST:CVE-2007-3238
History: Jun 15, 2007 - 1:00 a.m.

CVE-2007-3238

2007-06-15 01:00:00
mitre
www.cve.org

AI Score: 5 Medium (Confidence: High)

EPSS: 0.011 Low (Percentile: 84.9%)

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
