WordPress Multiple Cross-Site Scripting Vulnerabilities
BID:17069
Info
| Bugtraq ID: | 17069 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2006 12:00AM |
| Updated: | Mar 14 2006 12:55AM |
| Credit: | These issues were disclosed by the vendor. The vendor credits Mark Jaquith, Robert Deaton, and David House with the discovery of these issues. |
| Vulnerable: | WordPress Wordpress (B2) 0.6.2 .1; WordPress Wordpress (B2) 0.6.2; WordPress WordPress 2.0.1; WordPress WordPress 2.0; WordPress WordPress 1.5.2; WordPress WordPress 1.5.1 .3; WordPress WordPress 1.5.1 .2; WordPress WordPress 1.5.1; WordPress WordPress 1.5; WordPress WordPress 1.2.2; WordPress WordPress 1.2.1; WordPress WordPress 1.2; WordPress WordPress 0.71; WordPress WordPress 0.7 |
| Not Vulnerable: | WordPress WordPress 2.0.2 |
Discussion
WordPress is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
Exploit / POC
These issues can be exploited through use of a web client.
Solution / Fix
Solution:
The vendor has released WordPress 2.0.2 to address these issues. See the referenced vendor advisory for further information.
The same fix is listed for each affected version (WordPress Wordpress (B2) 0.6.2 .1, WordPress Wordpress (B2) 0.6.2, WordPress WordPress 0.7, 0.71, 1.2, 1.2.1, 1.2.2, 1.5, 1.5.1, 1.5.1 .3, 1.5.1 .2, 1.5.2, 2.0 and 2.0.1):
- WordPress WordPress Latest Release Download
  http://wordpress.org/latest.tar.gz
References
References:
- 2.0.2 Security Release (WordPress)
- WordPress Homepage (WordPress)