CVE-2007-1049 - Cross-Site Scripting vulnerability in WordPress

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, wordpress, gentoo, nessus, exploit available

Summary

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

Exploit-Db

description: Wordpress 1.x/2.0.x Templates.PHP Cross-Site Scripting Vulnerability. CVE-2007-1049. Webapps exploit for php platform
id: EDB-ID:29598
last seen: 2016-02-03
modified: 2007-02-12
published: 2007-02-12
reporter: PsychoGun
source: https://www.exploit-db.com/download/29598/
title: WordPress 1.x/2.0.x - Templates.PHP Cross-Site Scripting Vulnerability

Nessus

NASL family: Gentoo Local Security Checks
NASL id: GENTOO_GLSA-200703-23.NASL
description: The remote host is affected by the vulnerability described in GLSA-200703-23 (WordPress: Multiple vulnerabilities) WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3_x in the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24889
published: 2007-03-26
reporter: This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/24889
title: GLSA-200703-23 : WordPress: Multiple vulnerabilities