CVE-2007-1049 - Cross-Site Scripting vulnerability in WordPress
CVSS metrics

| Metric | Value |
|---|---|
| Attack vector | NETWORK |
| Attack complexity | MEDIUM |
| Privileges required | NONE |
| Confidentiality impact | NONE |
| Integrity impact | PARTIAL |
| Availability impact | NONE |

Summary
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
Vulnerable Configurations
Exploit-Db
| Field | Value |
|---|---|
| description | Wordpress 1.x/2.0.x Templates.PHP Cross-Site Scripting Vulnerability. CVE-2007-1049. Webapps exploit for php platform |
| id | EDB-ID:29598 |
| last seen | 2016-02-03 |
| modified | 2007-02-12 |
| published | 2007-02-12 |
| reporter | PsychoGun |
| source | https://www.exploit-db.com/download/29598/ |
| title | WordPress 1.x/2.0.x - Templates.PHP Cross-Site Scripting Vulnerability |
Nessus
| Field | Value |
|---|---|
| NASL family | Gentoo Local Security Checks |
| NASL id | GENTOO_GLSA-200703-23.NASL |
| description | The remote host is affected by the vulnerability described in GLSA-200703-23 (WordPress: Multiple vulnerabilities). WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3_x in the |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24889 |
| published | 2007-03-26 |
| reporter | This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/24889 |
| title | GLSA-200703-23 : WordPress: Multiple vulnerabilities |
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html
- http://osvdb.org/33766
- http://secunia.com/advisories/24306
- http://secunia.com/advisories/24566
- http://trac.wordpress.org/changeset/4876
- http://trac.wordpress.org/changeset/4877
- http://trac.wordpress.org/ticket/3781
- http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
- http://www.securityfocus.com/bid/22534
- http://www.vupen.com/english/advisories/2007/0741