Lucene search
MitreCVELIST:CVE-2007-1049HistoryFeb 21, 2007 - 5:00 p.m.
CVE-2007-1049
2007-02-2117:00:00
mitre
www.cve.org
3
Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.
References
downloads.securityfocus.com/vulnerabilities/exploits/22534.html
osvdb.org/33766
secunia.com/advisories/24306
secunia.com/advisories/24566
trac.wordpress.org/changeset/4876
trac.wordpress.org/changeset/4877
trac.wordpress.org/ticket/3781
www.gentoo.org/security/en/glsa/glsa-200703-23.xml
www.securityfocus.com/bid/22534
www.vupen.com/english/advisories/2007/0741
Related
cve
cve
CVE-2007-1049
2007-02-21 17:28:00
CVE-2007-1230
2007-03-02 22:19:00
patchstack
patchstack
WordPress <= 2.1.0 - XSS
2007-02-21 00:00:00
prion
prion
Cross site scripting
2007-02-21 17:28:00
Cross site scripting
2007-03-02 22:19:00
ubuntucve
ubuntucve
CVE-2007-1049
2007-02-21 00:00:00
CVE-2007-1230
2007-03-02 00:00:00
debiancve
debiancve
CVE-2007-1049
2007-02-21 17:28:00
CVE-2007-1230
2007-03-02 22:19:00
nvd
nvd
CVE-2007-1049
2007-02-21 17:28:00
CVE-2007-1230
2007-03-02 22:19:00
cvelist
cvelist
CVE-2007-1230
2007-03-02 22:00:00
nessus
nessus
GLSA-200703-23 : WordPress: Multiple vulnerabilities
2007-03-26 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200703-23 (wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200703-23 (wordpress)
2008-09-24 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2007-03-20 00:00:00
securityvulns
securityvulns