Lucene search

PRIOn knowledge basePRION:CVE-2007-0106

HistoryJan 09, 2007 - 12:28 a.m.

Cross site scripting

2007-01-0900:28:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

CPENameOperatorVersion
wordpresseq2.0
wordpresseq2.0.2
wordpresseq2.0.1
wordpresseq2.0.4
wordpresseq2.0.5
wordpresseq2.0.3

Name	Operator	Version
wordpress	eq	2.0
wordpress	eq	2.0.2
wordpress	eq	2.0.1
wordpress	eq	2.0.4
wordpress	eq	2.0.5
wordpress	eq	2.0.3

References

osvdb.org/33397

secunia.com/advisories/23595

securityreason.com/securityalert/2114

wordpress.org/development/2007/01/wordpress-206/

www.hardened-php.net/advisory_012007.140.html

www.securityfocus.com/archive/1/456048/100/0/threaded

www.securityfocus.com/bid/21893

www.vupen.com/english/advisories/2007/0061

6 Medium

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for PRION:CVE-2007-0106