Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0985

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2006-0985
Last Modified 07 Mar 2011 09:31:31
Published 03 Mar 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-0985

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

Vulnerable Systems

Application

  • Wordpress 1.0

  • Wordpress 1.0.1

  • Wordpress 1.0.2

  • Wordpress 1.2

  • Wordpress 1.5

  • Wordpress 1.5.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 2.0

  • Wordpress 2.0.1


References

BUGTRAQ - 20060227 WordPress 2.0.1 Multiple Vulnerabilities

MISC - http://NeoSecurityTeam.net/advisories/Advisory-17.txt

VUPEN - ADV-2006-0777

XF - wordpress-wpcommentspost-xss(24957)

BUGTRAQ - 20060302 Re: FW: WordPress 2.0.1 Multiple Vulnerabilities

BUGTRAQ - 20060228 FW: WordPress 2.0.1 Multiple Vulnerabilities

SECUNIA - 19050


Last Updated: 27 May 2016 10:41:52