Lucene search
Copyright (C) 2009 Greenbone AGOPENVAS:1361412562310800376HistoryMay 11, 2009 - 12:00 a.m.
WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)
2009-05-1100:00:00
Copyright (C) 2009 Greenbone AG
plugins.openvas.org
14
5.4 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.9%
WordPress MU is prone to a cross-site scripting (XSS) vulnerability.
# SPDX-FileCopyrightText: 2009 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:wordpress:wordpress_mu";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.800376");
script_version("2024-02-19T05:05:57+0000");
script_tag(name:"last_modification", value:"2024-02-19 05:05:57 +0000 (Mon, 19 Feb 2024)");
script_tag(name:"creation_date", value:"2009-05-11 08:41:11 +0200 (Mon, 11 May 2009)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_cve_id("CVE-2009-1030");
script_name("WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)");
script_xref(name:"URL", value:"http://www.milw0rm.com/exploits/8196");
script_xref(name:"URL", value:"http://www.securityfocus.com/bid/34075");
script_xref(name:"URL", value:"http://xforce.iss.net/xforce/xfdb/49184");
script_xref(name:"URL", value:"http://securitytracker.com/alerts/2009/Mar/1021838.html");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wordpress_http_detect.nasl");
script_mandatory_keys("wordpress/detected");
script_tag(name:"impact", value:"Successful exploitation will let the attacker execute malicious crafted
HTTP headers and conduct cross site scripting attacks to gain administrative
privileges into the affected web application.");
script_tag(name:"affected", value:"WordPress MU before 2.7 on all running platform.");
script_tag(name:"insight", value:"The vulnerability is due to improper validation of user supplied input in
'wp-includes/wpmu-functions.php' for choose_primary_blog function.");
script_tag(name:"solution", value:"Update to Version 2.7 or later.");
script_tag(name:"summary", value:"WordPress MU is prone to a cross-site scripting (XSS) vulnerability.");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!wpmuPort = get_app_port(cpe:CPE))
exit(0);
if(!ver = get_app_version(cpe:CPE, port:wpmuPort))
exit(0);
if(version_is_less(version:ver, test_version:"2.7")){
report = report_fixed_ver(installed_version:ver, fixed_version:"2.7");
security_message(port:wpmuPort, data:report);
exit(0);
}
exit(99);
Related
patchstack
patchstack
WordPress MU <= 2.7 - 'HOST' HTTP Header XSS Vulnerability
2009-03-10 00:00:00
prion
prion
Cross site scripting
2009-03-20 00:30:00
nessus
nessus
openvas
openvas
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
HP-UX Update for AudFilter rules enabled HPSBUX02514
2010-04-07 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-2.fc10
2009-04-09 16:15:18
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.5.2-1.fc10
2009-11-10 17:57:05
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.4a-1.fc10
2009-08-15 08:11:21
cve
cve
CVE-2009-1030
2009-03-20 00:30:00
securityvulns
securityvulns
5.4 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
76.9%
Related for OPENVAS:1361412562310800376