Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0691

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-0691
Last Modified 15 Sep 2009 01:11:39
Published 11 Feb 2008 08:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-0691

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.

Vulnerable Systems

Application

  • Simon Elvery Wp-footnotes 2.2

  • Wordpress Wp-footnotes 2.2


References

XF - wpfootnotes-adminpanel-security-bypass(40218)

BID - 27572

BUGTRAQ - 20080201 Wordpress Pluging wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilites

SECUNIA - 28772

SREASON - 3634


Last Updated: 27 May 2016 10:46:54