4.3

CVE-2007-4014

EPSS 1.16%
Published 26.07.2007 01:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected products Warnungen 0 Metrics 2 CWE 0 References 12

Data is provided by the National Vulnerability Database (NVD)

Wordpress ≫ Blix Version0.9.1

Wordpress ≫ Blixed Version1.0

Wordpress ≫ Blixkrieg Version2.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.16%	0.777

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

http://secunia.com/advisories/26109

Vendor Advisory

http://secunia.com/advisories/26115

Vendor Advisory

http://secunia.com/advisories/26116

Vendor Advisory

http://www.osvdb.org/37056

http://www.osvdb.org/37057

http://www.securityfocus.com/bid/24954

https://exchange.xforce.ibmcloud.com/vulnerabilities/35472

https://exchange.xforce.ibmcloud.com/vulnerabilities/35473

https://exchange.xforce.ibmcloud.com/vulnerabilities/35474

https://nvd.nist.gov/vuln/detail/CVE-2007-4014

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4014

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4014

EUVD