Lucene search

MitreCVE-2007-1732

HistoryMar 28, 2007 - 8:19 p.m.

CVE-2007-1732

2007-03-2820:19:00

CWE-79

mitre

web.nvd.nist.gov

cve-2007-1732

nvd

cross-site scripting

xss

wordpress 2.1.2

vulnerability

remote authenticated administrators

web script

html

demo parameter

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor

Affected configurations

Nvd

Node

wordpresswordpressMatch2.1.2

VendorProductVersionCPE
wordpresswordpress2.1.2cpe:2.3:a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	2.1.2	cpe:2.3:a:wordpress:wordpress:2.1.2:::::::*

References

codex.wordpress.org/Roles_and_Capabilities

marc.info/?l=bugtraq&m=117319839710382&w=2

osvdb.org/33884

secunia.com/advisories/24430

secunia.com/advisories/24566

www.gentoo.org/security/en/glsa/glsa-200703-23.xml

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.2

Confidence

High

EPSS

0.002

Percentile

55.0%

JSON

Related for CVE-2007-1732