Vulnerabilities > CVE-2007-1230 - Cross-Site Scripting vulnerability in Wordpress 2.1

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
wordpress
nessus
NVD
Published: 2007-03-02
Updated: 2011-03-08

Summary

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

Vulnerable Configurations

Part Description Count
Application
Wordpress
1

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200703-23.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200703-23 (WordPress: Multiple vulnerabilities) WordPress contains cross-site scripting or cross-site scripting forgery vulnerabilities reported by: g30rg3_x in the
last seen2020-06-01
modified2020-06-02
plugin id24889
published2007-03-26
reporterThis script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/24889
titleGLSA-200703-23 : WordPress: Multiple vulnerabilities

References