Lucene search

MitreCVE-2008-0192

HistoryJan 10, 2008 - 12:46 a.m.

CVE-2008-0192

2008-01-1000:46:00

CWE-79

mitre

web.nvd.nist.gov

cve

2008

0192

xss

vulnerabilities

wordpress

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

Affected configurations

Nvd

Node

wordpresswordpressRange≤2.0.9

VendorProductVersionCPE
wordpresswordpress*cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
wordpress	wordpress	*	cpe:2.3:a:wordpress:wordpress::::::::

References

lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

securityreason.com/securityalert/3539

securityvulns.ru/Sdocument714.html

websecurity.com.ua/1658/

www.securityfocus.com/archive/1/485786/100/0/threaded

www.securityfocus.com/bid/27123

exchange.xforce.ibmcloud.com/vulnerabilities/39426

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.007

Percentile

80.7%

JSON

Related for CVE-2008-0192