WordPress Core 2.2.3 Cross-Site Scripting Vulnerabilit
Reporter | Title | Published | Views | Family All 8 |
---|---|---|---|---|
Debian CVE | CVE-2008-0192 | 10 Jan 200800:46 | – | debiancve |
Prion | Cross site scripting | 10 Jan 200800:46 | – | prion |
Exploit DB | WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting | 3 Jan 200800:00 | – | exploitdb |
Patchstack | WordPress <= 2.0.9 - Multiple XSS | 9 Jan 200800:00 | – | patchstack |
UbuntuCve | CVE-2008-0192 | 10 Jan 200800:00 | – | ubuntucve |
NVD | CVE-2008-0192 | 10 Jan 200800:46 | – | nvd |
Cvelist | CVE-2008-0192 | 10 Jan 200800:00 | – | cvelist |
CVE | CVE-2008-0192 | 10 Jan 200800:46 | – | cve |
source: https://www.securityfocus.com/bid/27123/info
WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
http://site/wp-admin/post.php?popuptitle=%22%20style=%22xss:expression(alert(document.cookie))%22
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo