Lucene search

[email protected]NVD:CVE-2008-0192

HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0192

2008-01-1000:46:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

Affected configurations

Nvd

Node

wordpresswordpressRange≤2.0.9

VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

securityreason.com/securityalert/3539

securityvulns.ru/Sdocument714.html

websecurity.com.ua/1658/

www.securityfocus.com/archive/1/485786/100/0/threaded

www.securityfocus.com/bid/27123

exchange.xforce.ibmcloud.com/vulnerabilities/39426

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON

Related for NVD:CVE-2008-0192

prion1 debiancve1 ubuntucve1 patchstack1 exploitdb2 cvelist1 cve1