Vulnerabilities > CVE-2006-1796 - Cross-Site Scripting vulnerability in WordPress
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
wordpress
Summary
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). The vulnerability manifests itself only when viewed by IE. This vulnerability is addressed in the following product release: Wordpress 2.0.1-1