Lucene search
MitreCVE-2009-1030HistoryMar 20, 2009 - 12:30 a.m.
CVE-2009-1030
2009-03-2000:30:00
CWE-79
mitre
web.nvd.nist.gov
46
cve-2009-1030
cross-site scripting
xss
vulnerability
wordpress mu
wpmu
web script
html
http host header
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.005
Percentile
77.1%
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Affected configurations
Node
wordpresswordpress_muRange≤2.6
ORwordpresswordpress_muMatch1.0
ORwordpresswordpress_muMatch1.0rc1
ORwordpresswordpress_muMatch1.0rc2
ORwordpresswordpress_muMatch1.0rc3
ORwordpresswordpress_muMatch1.0rc4
ORwordpresswordpress_muMatch1.1
ORwordpresswordpress_muMatch1.1.1
ORwordpresswordpress_muMatch1.2
ORwordpresswordpress_muMatch1.2.1
ORwordpresswordpress_muMatch1.2.2
ORwordpresswordpress_muMatch1.2.3
ORwordpresswordpress_muMatch1.2.4
ORwordpresswordpress_muMatch1.2.4rc1
ORwordpresswordpress_muMatch1.2.5a
ORwordpresswordpress_muMatch1.3
ORwordpresswordpress_muMatch1.3.1
ORwordpresswordpress_muMatch1.3.2
ORwordpresswordpress_muMatch1.3.3
ORwordpresswordpress_muMatch1.5rc1
ORwordpresswordpress_muMatch1.5.1
ORwordpresswordpress_muMatch2.6.1
ORwordpresswordpress_muMatch2.6.2
ORwordpresswordpress_muMatch2.6.3
ORwordpresswordpress_muMatch2.6.5
ORwordpresswordpress_muMatch2.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| wordpress | wordpress_mu | 1.0 | cpe:/a:wordpress:wordpress_mu:1.0:rc2:: |
| wordpress | wordpress_mu | 1.2 | cpe:/a:wordpress:wordpress_mu:1.2::: |
| wordpress | wordpress_mu | 2.6.2 | cpe:/a:wordpress:wordpress_mu:2.6.2::: |
| wordpress | wordpress_mu | 1.3.3 | cpe:/a:wordpress:wordpress_mu:1.3.3::: |
| wordpress | wordpress_mu | 1.3.1 | cpe:/a:wordpress:wordpress_mu:1.3.1::: |
| wordpress | wordpress_mu | cpe:/a:wordpress:wordpress_mu:::: | |
| wordpress | wordpress_mu | 1.2.3 | cpe:/a:wordpress:wordpress_mu:1.2.3::: |
| wordpress | wordpress_mu | 1.2.4 | cpe:/a:wordpress:wordpress_mu:1.2.4::: |
| wordpress | wordpress_mu | 1.1 | cpe:/a:wordpress:wordpress_mu:1.1::: |
| wordpress | wordpress_mu | 1.1.1 | cpe:/a:wordpress:wordpress_mu:1.1.1::: |
Related
openvas
openvas
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)
2009-05-11 00:00:00
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
patchstack
patchstack
WordPress MU <= 2.7 - 'HOST' HTTP Header XSS Vulnerability
2009-03-10 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2009-1030
2009-03-20 00:00:00
nvd
nvd
CVE-2009-1030
2009-03-20 00:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-2.fc10
2009-04-09 16:15:18
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.5.2-1.fc10
2009-11-10 17:57:05
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.4a-1.fc10
2009-08-15 08:11:21
prion
prion
Cross site scripting
2009-03-20 00:30:00
securityvulns
securityvulns
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.005
Percentile
77.1%
Related for CVE-2009-1030