Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1796

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2006-1796
Last Modified 05 Sep 2008 05:02:52
Published 17 Apr 2006 04:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1796

Summary

Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).

Vulnerable Systems

Application

  • Wordpress 0.6.2

  • Wordpress 0.6.2.1

  • Wordpress 0.7

  • Wordpress 0.71

  • Wordpress 1.0

  • Wordpress 1.0.1

  • Wordpress 1.0.2

  • Wordpress 1.2

  • Wordpress 1.2.1

  • Wordpress 1.2.2

  • Wordpress 1.5

  • Wordpress 1.5.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 1.5.2

  • Wordpress 2.0


References

MISC - http://trac.wordpress.org/ticket/1686

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909


Last Updated: 27 May 2016 10:42:11