Lucene search
Juan Galiana LaraPATCHSTACK:8D955285641B2606CAA6E8A1193CA966HistoryMar 10, 2009 - 12:00 a.m.
WordPress MU <= 2.7 - 'HOST' HTTP Header XSS Vulnerability
2009-03-1000:00:00
Juan Galiana Lara
patchstack.com
13
EPSS
0.005
Percentile
77.1%
WordPress MU prior to version 2.7 fails to sanitize the Host header correctly in choose_primary_blog function and can be hacked. Sites running in based virtual hosting setup are not affected while they are not the default virtual host.
Solution
Upgrade WordPress.
References
Related
openvas
openvas
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)
2009-05-11 00:00:00
Fedora Core 10 FEDORA-2009-3474 (wordpress-mu)
2009-04-15 00:00:00
nessus
nessus
cvelist
cvelist
CVE-2009-1030
2009-03-20 00:00:00
nvd
nvd
CVE-2009-1030
2009-03-20 00:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: wordpress-mu-2.6.5-2.fc10
2009-04-09 16:15:18
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.5.2-1.fc10
2009-11-10 17:57:05
[SECURITY] Fedora 10 Update: wordpress-mu-2.8.4a-1.fc10
2009-08-15 08:11:21
cve
cve
CVE-2009-1030
2009-03-20 00:30:00
prion
prion
Cross site scripting
2009-03-20 00:30:00
securityvulns
securityvulns