4.3

CVE-2007-1622

Exploit

EPSS 3.28%
Veröffentlicht 23.03.2007 00:19:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

WordPress Core <= 2.1.2 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Mögliche Gegenmaßnahme

WordPress: Update to one of the following versions, or a newer patched version: 2.0.10, 2.1.2

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

Weitere Schwachstelleninformationen

SystemWordPress Core

≫

Produkt WordPress

Version * - 2.0.9

Version 2.1 - 2.1.1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wordpress ≫ Wordpress Version2.0

Wordpress ≫ Wordpress Version2.0.1

Wordpress ≫ Wordpress Version2.0.2

Wordpress ≫ Wordpress Version2.0.3

Wordpress ≫ Wordpress Version2.0.4

Wordpress ≫ Wordpress Version2.0.5

Wordpress ≫ Wordpress Version2.0.6

Wordpress ≫ Wordpress Version2.0.7

Wordpress ≫ Wordpress Version2.0.10

Wordpress ≫ Wordpress Version2.0.10_rc1

Wordpress ≫ Wordpress Version2.1

Wordpress ≫ Wordpress Version2.1.1

Wordpress ≫ Wordpress Version2.1.2

Wordpress ≫ Wordpress Version2.1.3_rc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.28%	0.867

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/24567

Vendor Advisory

http://secunia.com/advisories/25108

http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006

http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt

Patch

Vendor Advisory

Exploit

http://www.debian.org/security/2007/dsa-1285

http://www.securityfocus.com/bid/23027

http://www.vupen.com/english/advisories/2007/1005

https://www.wordfence.com/threat-intel/vulnerabilities/id/a6074c97-619d-4f47-97c7-781c7a38019d

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-1622

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-1622

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-1622

EUVD