Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2024 Tenable Network Security, Inc.WORDPRESS_XSS.NASL
HistorySep 28, 2004 - 12:00 a.m.

WordPress < 1.2.2 Multiple XSS

2004-09-2800:00:00
This script is Copyright (C) 2004-2024 Tenable Network Security, Inc.
www.tenable.com
18

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON

The remote version of WordPress is vulnerable to cross-site scripting attacks due to a failure of the application to properly sanitize user- supplied URI input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(14836);
  script_version("1.27");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");

  script_cve_id("CVE-2004-1559");
  script_bugtraq_id(11268);

  script_name(english:"WordPress < 1.2.2 Multiple XSS");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains several PHP scripts that are affected
by cross-site scripting attacks.");
  script_set_attribute(attribute:"description", value:
"The remote version of WordPress is vulnerable to cross-site scripting
attacks due to a failure of the application to properly sanitize user-
supplied URI input.

As a result of this vulnerability, it is possible for a remote
attacker to create a malicious link containing script code that will
be executed in the browser of an unsuspecting user when followed. This
may facilitate the theft of cookie-based authentication credentials as
well as other attacks.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/376766");
  script_set_attribute(attribute:"solution", value:
"Upgrade to WordPress version 1.2.2 or greater.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2004-2024 Tenable Network Security, Inc.");

  script_dependencies("wordpress_detect.nasl");
  script_require_keys("installed_sw/WordPress", "www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

#
# The script code starts here
#
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port
);

dir = install['path'];
install_url = build_url(port:port, qs:dir);

exploit = test_cgi_xss(
  port : port,
  dirs : make_list(dir),
  cgi  : "/wp-login.php",
  qs   : "redirect_to=<script>foo</script>",
  pass_str : "<script>foo</script>",
  ctrl_re  :  '<form name="login" id="loginform" action="wp-login.php" method="post">'
);

if (!exploit)
 audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);
VendorProductVersionCPE
wordpresswordpresscpe:/a:wordpress:wordpress

Related

openvas 2
debiancve 1
nessus 1
nvd 1
wpvulndb 1
ubuntucve 1
cve 1
patchstack 1
cvelist 1
openvas
openvas
FreeBSD Ports: wordpress
2008-09-04 00:00:00
FreeBSD Ports: wordpress
2008-09-04 00:00:00
debiancve
debiancve
CVE-2004-1559
2005-02-20 05:00:00
nessus
nessus
WordPress < 1.5.1 Multiple XSS and SQL Injection Vulnerabilities
2004-12-21 00:00:00
nvd
nvd
CVE-2004-1559
2004-12-31 05:00:00
wpvulndb
wpvulndb
WordPress 1.2-1.2.1 - Multiple Cross-Site Scripting (XSS)
2004-12-31 00:00:00
ubuntucve
ubuntucve
CVE-2004-1559
2004-12-31 00:00:00
cve
cve
CVE-2004-1559
2005-02-20 05:00:00
patchstack
patchstack
WordPress <=1.2 - Multiple Cross-Site Scripting (XSS) vulnerabilities
2005-02-20 00:00:00
cvelist
cvelist
CVE-2004-1559
2005-02-20 05:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.6%

JSON
Related for WORDPRESS_XSS.NASL
openvas2debiancve1nessus1nvd1wpvulndb1ubuntucve1cve1patchstack1cvelist1