Информационная безопасность
[RU] switch to English


CVECVE-2007-1622
СтатусCandidate
ОписаниеCross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
Важность
Low
CVSS score1,9
CVSS vector(AV:R/AC:H/Au:NR/C:N/I:P/A:N/B:N)
PhaseAssigned (22.03.2007)
NVD:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1622
ReferencesBID : 23027
 SECUNIA : 24567
 SECUNIA : 25108
 FRSIRT : ADV-2007-1005
 DEBIAN : DSA-1285
 MISC : http://sla.ckers.org/forum/read.php?2,7935#msg-8006
 MISC : http://www.buayacorp.com/files/wordpress/wordpress...
SecurityVulns:Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )
О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород