Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2007-1622

Published: 23/03/2007 Updated: 08/03/2011
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Wordpress

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress prior to 2.0.10 RC2, and prior to 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress 2.0.3

wordpress wordpress 2.0.4

wordpress wordpress 2.1.3_rc1

wordpress wordpress 2.0.10_rc1

wordpress wordpress 2.0.2

wordpress wordpress 2.1.1

wordpress wordpress 2.1.2

wordpress wordpress 2.0.1

wordpress wordpress 2.0.10

wordpress wordpress 2.0.7

wordpress wordpress 2.1

wordpress wordpress 2.0

wordpress wordpress 2.0.5

wordpress wordpress 2.0.6

Vendor Advisories

Debian Security Advisories: DSA-1285-1 wordpress -- several vulnerabilities
CVE-2007-1622 Cross-site scripting (XSS) vulnerability in wp-admin/varsphp in WordPress before 2010 RC2, and before 213 RC2 in the 21 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression ...
Debian CVElist Bug Report Logs: CVE-2007-1599: wp-login.php allows remote attackers to redirect authenticated users to other websites
Debian Bug report logs - #437085 CVE-2007-1599: wp-loginphp allows remote attackers to redirect authenticated users to other websites Package: wordpress; Maintainer for wordpress is Craig Small <csmall@debianorg>; Source for wordpress is src:wordpress (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@sko ...

Exploits

Exploit DB: WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
source: wwwsecurityfocuscom/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user This may help the attacker steal cookie-based authentica ...

References

NVD-CWE-Otherhttp://sla.ckers.org/forum/read.php?2,7935#msg-8006http://www.buayacorp.com/files/wordpress/wordpress-advisory.txthttp://secunia.com/advisories/24567http://www.debian.org/security/2007/dsa-1285http://secunia.com/advisories/25108http://www.securityfocus.com/bid/23027http://www.vupen.com/english/advisories/2007/1005https://nvd.nist.govhttps://www.securityfocus.com/bid/23027https://www.exploit-db.com/exploits/29754/https://www.debian.org/security/./dsa-1285
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3079CVE-2021-4376CVE-2020-36716firewalldosCVE-2023-32784CVE-2021-4344cameraCVE-2021-4356
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook