Published: 02/03/2007 Updated: 08/03/2011

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress prior to 2.1.2-alpha allow remote malicious users to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wordpress wordpress 2.1

Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...

NVD-CWE-Other http://trac.wordpress.org/changeset/4951 http://trac.wordpress.org/changeset/4952 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://secunia.com/advisories/24566 http://osvdb.org/34361 http://www.vupen.com/english/advisories/2007/0756 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=437085 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-1230

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect