6.8

CVE-2006-6808

Exploit

WordPress Core <= 2.0.5 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.  NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
Mögliche Gegenmaßnahme
WordPress: Update to version 2.0.6, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Core
Produkt WordPress
Version * - 2.0.5
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WordpressWordpress Version <= 2.0.5
WordpressWordpress Version0.6.2 Updatebeta_2
WordpressWordpress Version0.6.2.1 Updatebeta_2
WordpressWordpress Version0.7
WordpressWordpress Version0.71
WordpressWordpress Version1.2
WordpressWordpress Version1.2.1
WordpressWordpress Version1.2.2
WordpressWordpress Version1.5
WordpressWordpress Version1.5.1
WordpressWordpress Version1.5.1.2
WordpressWordpress Version1.5.1.3
WordpressWordpress Version1.5.2
WordpressWordpress Version2.0
WordpressWordpress Version2.0.1
WordpressWordpress Version2.0.2
WordpressWordpress Version2.0.3
WordpressWordpress Version2.0.4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.48% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
http://michaeldaw.org/
Patch
Exploit