Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2007-4153
Last Modified 15 Nov 2008 01:55:48
Published 03 Aug 2007 04:17:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2007-4153

Summary

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

Vulnerable Systems

Application

  • WordPress 2.2.1


References

XF - wordpress-options-xss(35722)

XF - wordpress-linkimport-xss(35720)

OSVDB - 46995

OSVDB - 46994

MISC - http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

MISC - http://codex.wordpress.org/Roles_and_Capabilities

DEBIAN - DSA-1564

SECUNIA - 30013


Last Updated: 27 May 2016 10:45:46