4.3
CVE-2007-1894
- EPSS 3.02%
- Veröffentlicht 09.04.2007 20:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:31
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
WordPress Core <= 2.1.2 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.
Mögliche Gegenmaßnahme
WordPress: Update to one of the following versions, or a newer patched version: 2.0.10, 2.1.3
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemWordPress Core
≫
Produkt
WordPress
Version
*-2.0.9
Version
2.1-2.1.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.02% | 0.857 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://secunia.com/advisories/25108
http://www.debian.org/security/2007/dsa-1285
http://chxsecurity.org/advisories/adv-1-mid.txt
http://secunia.com/advisories/24485
http://securityreason.com/securityalert/2526
http://trac.wordpress.org/changeset/5003
http://trac.wordpress.org/ticket/4093
http://www.securityfocus.com/archive/1/462374/100/0/threaded
http://www.securityfocus.com/bid/22902
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7d04f7d-d114-4104-a7cb-298c148e2b6d