4.3
CVSSv2

CVE-2009-1030

Published: 20/03/2009 Updated: 21/11/2024

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) prior to 2.7 allows remote malicious users to inject arbitrary web script or HTML via the HTTP Host header.

Vulnerable Product Search on Vulmon Subscribe to Product

wordpress wordpress mu

wordpress wordpress mu 1.0

wordpress wordpress mu 1.1

wordpress wordpress mu 1.1.1

wordpress wordpress mu 1.2

wordpress wordpress mu 1.2.1

wordpress wordpress mu 1.2.2

wordpress wordpress mu 1.2.3

wordpress wordpress mu 1.2.4

wordpress wordpress mu 1.2.5a

wordpress wordpress mu 1.3

wordpress wordpress mu 1.3.1

wordpress wordpress mu 1.3.2

wordpress wordpress mu 1.3.3

wordpress wordpress mu 1.5

wordpress wordpress mu 1.5.1

wordpress wordpress mu 2.6.1

wordpress wordpress mu 2.6.2

wordpress wordpress mu 2.6.3

wordpress wordpress mu 2.6.5

wordpress wordpress mu 2.7

Exploits

============================================= INTERNET SECURITY AUDITORS ALERT 2009-004 - Original release date: December 3rd, 2008 - Last revised: March 10th, 2009 - Discovered by: Juan Galiana Lara - Severity: 63/10 (CVSS scored) ============================================= I VULNERABILITY ------------------------- WordPress MU < 27 'Hos ...