Vulnerabilities > CVE-2004-1559 - Cross-Site Scripting vulnerability in Wordpress 1.2
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description WordPress 1.2 categories.php cat_ID Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24644
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24644/
title WordPress 1.2 - categories.php cat_ID Parameter XSS

description WordPress 1.2 edit-comments.php Multiple Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24646
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24646/
title WordPress 1.2 - edit-comments.php Multiple Parameter XSS

description WordPress 1.2 bookmarklet.php Multiple Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24643
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24643/
title WordPress 1.2 - bookmarklet.php Multiple Parameter XSS

description WordPress 1.2 admin-header.php redirect_url Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24642
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24642/
title WordPress 1.2 - admin-header.php redirect_url Parameter XSS

description WordPress 1.2 edit.php s Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24645
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24645/
title WordPress 1.2 - edit.php s Parameter XSS

description WordPress 1.2 wp-login.php Multiple Parameter XSS. CVE-2004-1559. Webapps exploit for php platform
id EDB-ID:24641
last seen 2016-02-02
modified 2004-09-28
published 2004-09-28
reporter Thomas Waldegger
source https://www.exploit-db.com/download/24641/
title WordPress 1.2 - wp-login.php Multiple Parameter XSS
Nessus
NASL family CGI abuses : XSS
NASL id WORDPRESS_XSS.NASL
description The remote version of WordPress is vulnerable to cross-site scripting attacks due to a failure of the application to properly sanitize user- supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
last seen 2020-06-01
modified 2020-06-02
plugin id 14836
published 2004-09-28
reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14836
title WordPress < 1.2.2 Multiple XSS
code
#
# (C) Tenable Network Security, Inc.
#

# Active remote check for CVE-2004-1559: it requests wp-login.php with a
# harmless <script> marker in the redirect_to parameter and reports the
# install as affected when the marker is reflected back.
#
# NOTE(review): only the wp-login.php / redirect_to case is probed in the code
# shown here, while the CVE summary lists several scripts and parameters. A
# "not affected" result therefore only shows that this one parameter did not
# reflect; rely on the installed version (fix: 1.2.2 or greater) for triage.

include("compat.inc");

# Metadata pass: when `description` is set the plugin only registers its
# attributes and exits; no request is sent from this block.
if (description)
{
  script_id(14836);
  script_version("1.25");
  script_cvs_date("Date: 2018/11/15 20:50:20");

  script_cve_id("CVE-2004-1559");
  script_bugtraq_id(11268);

  script_name(english:"WordPress < 1.2.2 Multiple XSS");
  script_summary(english:"Attempts a non-persistent XSS attack.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains several PHP scripts that are affected by cross-site scripting attacks.");
  script_set_attribute(attribute:"description", value:
"The remote version of WordPress is vulnerable to cross-site scripting attacks due to a failure of the application to properly sanitize user- supplied URI input. As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. 
This may facilitate the theft of cookie-based authentication credentials as well as other attacks.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/376766");
  script_set_attribute(attribute:"solution", value:"Upgrade to WordPress version 1.2.2 or greater.");

  # CVSS v2 base vector: network-reachable, medium complexity, no
  # authentication, partial integrity impact only (matches the table at the
  # top of this page).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  # NOTE(review): "exploit_available" is "false" although this page lists
  # Exploit-DB entries for the same CVE; do not use this attribute on its own
  # to lower priority.
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-79 is cross-site scripting; the remaining ids look like parent
  # weaknesses and CWE view/category entries -- TODO confirm.
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2004/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/28");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  # ACT_ATTACK: the plugin sends a crafted request to the target (see the
  # summary above), unlike a passive or banner-only check.
  script_category(ACT_ATTACK);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

  # Requires the KB keys below; presumably they are populated by
  # wordpress_detect.nasl and the PHP detection -- confirm.
  script_dependencies("wordpress_detect.nasl");
  script_require_keys("installed_sw/WordPress", "www/PHP");
  script_require_ports("Services/www", 80);
  exit(0);
}

#
# The script code starts here
#
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
# Stop when no WordPress install was recorded (exit_if_zero).
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

install = get_single_install(
  app_name : app,
  port     : port
);

dir = install['path'];
install_url = build_url(port:port, qs:dir);

# test_cgi_xss() comes from the included libraries and is not shown on this
# page. Presumably it requests dir + cgi + "?" + qs and returns true when
# pass_str appears unencoded in a response that also matches ctrl_re (the login
# form, so an unrelated page echoing the string is not counted) -- confirm
# against the library source.
# NOTE(review): the line break inside the ctrl_re pattern is reproduced as it
# appears on this page and may be an extraction artifact.
exploit = test_cgi_xss(
  port     : port,
  dirs     : make_list(dir),
  cgi      : "/wp-login.php",
  qs       : "redirect_to=<script>foo</script>",
  pass_str : "<script>foo</script>",
  ctrl_re  : '<form 
name="login" id="loginform" action="wp-login.php" method="post">'
);

# No reflection observed: record the install as not affected by this probe.
if (!exploit)
  audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);
NASL family CGI abuses
NASL id WORDPRESS_XSS_SQL.NASL
description According to its banner, the remote version of WordPress is vulnerable to a cross-site scripting attack that may allow an attacker to use the remote server to steal the cookies of third-party users on the remote site. In addition, the remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to manipulate database queries.
last seen 2020-06-01
modified 2020-06-02
plugin id 16023
published 2004-12-21
reporter This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/16023
title WordPress < 1.5.1 Multiple XSS and SQL Injection Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#

# Version-based check: it compares the detected WordPress version with 1.5.1
# and sends no probe of its own. The result is therefore only as reliable as
# the detected version string (the plugin sets "potential_vulnerability" and
# runs only with paranoid reporting enabled).
#
# NOTE(review): plugin 14836 on this page names 1.2.2 as the fix for the same
# CVE id; the 1.5.1 threshold here presumably reflects the additional issues
# this plugin covers (bugtraq 12066, SQL injection) -- confirm before choosing
# a remediation target.

include("compat.inc");

# Metadata pass: when `description` is set the plugin only registers its
# attributes and exits.
if (description)
{
  script_id(16023);
  script_version("1.24");
  script_cvs_date("Date: 2018/11/15 20:50:19");

  # Only CVE-2004-1559 is listed, although the description also covers a SQL
  # injection issue; no separate CVE id for it appears in this plugin.
  script_cve_id("CVE-2004-1559");
  script_bugtraq_id(12066);

  script_name(english:"WordPress < 1.5.1 Multiple XSS and SQL Injection Vulnerabilities");
  script_summary(english:"Checks the version of WordPress.");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains multiple PHP scripts that are affected by SQL injection and cross-site scripting attacks.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote version of WordPress is vulnerable to a cross-site scripting attack that may allow an attacker to use the remote server to steal the cookies of third-party users on the remote site. 
In addition, the remote version of this software is vulnerable to a SQL injection attack that may allow an attacker to manipulate database queries.");
  script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/385042");
  script_set_attribute(attribute:"solution", value:"Upgrade to WordPress version 1.5.1 or later.");

  # These vectors differ from the CVSS table at the top of the page (single
  # authentication, partial C/I/A in v2), which fits the SQL injection issue
  # this plugin adds rather than the XSS alone.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  # NOTE(review): "exploit_available" is "false" although this page lists
  # Exploit-DB entries for the CVE id above.
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/09/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/12/21");

  # Marks the finding as unconfirmed: it is inferred from the version only.
  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:wordpress:wordpress");
  script_end_attributes();

  # ACT_GATHER_INFO: information gathering only, consistent with the version
  # comparison below.
  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");

  # NOTE(review): singular spelling, unlike script_dependencies() in plugin
  # 14836 on this page; NASL is understood to accept both forms -- confirm.
  script_dependencie("wordpress_detect.nasl");
  # "Settings/ParanoidReport" keeps the plugin from running in default scans.
  script_require_keys("www/PHP", "installed_sw/WordPress", "Settings/ParanoidReport");
  script_require_ports("Services/www", 80);
  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("install_func.inc");

app = "WordPress";
# Stop when no WordPress install was recorded (exit_if_zero).
get_install_count(app_name:app, exit_if_zero:TRUE);

port = get_http_port(default:80, php:TRUE);

# exit_if_unknown_ver: without a version there is nothing to compare.
install = get_single_install(
  app_name : app,
  port     : port,
  exit_if_unknown_ver : TRUE
);

dir = install['path'];
version = install['version'];
install_url = build_url(port:port, qs:dir);

# Second gate on paranoid reporting, in addition to the required KB key.
if (report_paranoia < 2) audit(AUDIT_PARANOID);

# Split the dotted version and convert each component to an integer so the
# comparison below is numeric rather than lexical.
ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
  ver[i] = int(ver[i]);

# Versions less than 1.5.1 are vulnerable
# NOTE(review): for a two-component version such as "1.5", ver[2] is never
# assigned; presumably it compares as 0 and the install is reported -- confirm.
if (
  (ver[0] < 1) ||
  (ver[0] == 1 && ver[1] < 5) ||
  (ver[0] == 1 && ver[1] == 5 && ver[2] < 1)
)
{
  # Record both issue classes in the knowledge base for this port.
  set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
  set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);

  if (report_verbosity > 0)
  {
    # Report strings are reproduced as they appear on this page.
    report =
      '\n URL : ' +install_url+
      '\n Installed version : ' +version+
      '\n Fixed version : 1.5.1\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);