Wordpress Templates.PHP Cross-Site Scripting Vulnerability

Bugtraq ID:	22534
Class:	Input Validation Error
CVE:	CVE-2007-1049
Remote:	Yes
Local:	No
Published:	Feb 12 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	PsychoGun is credited with the discovery of this vulnerability.
Vulnerable:	WordPress Wordpress (B2) 0.6.2 .1 WordPress Wordpress (B2) 0.6.2 WordPress WordPress 2.0.7 WordPress WordPress 2.0.6 WordPress WordPress 2.0.5 WordPress WordPress 2.0.4 WordPress WordPress 2.0.3 WordPress WordPress 2.0.2 WordPress WordPress 2.0.1 WordPress WordPress 2.0 WordPress WordPress 1.5.2 WordPress WordPress 1.5.1 .3 WordPress WordPress 1.5.1 .2 WordPress WordPress 1.5.1 WordPress WordPress 1.5 WordPress WordPress 1.2.2 WordPress WordPress 1.2.1 + Gentoo Linux WordPress WordPress 1.2 + Gentoo Linux 1.4 + Gentoo Linux WordPress WordPress 0.71 WordPress WordPress 0.7 WordPress WordPress 2.1 Gentoo Linux
Not Vulnerable:

Wordpress Templates.PHP Cross-Site Scripting Vulnerability

WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Wordpress Templates.PHP Cross-Site Scripting Vulnerability

No exploit is required.

The following proof-of-concept URI is available:

• /data/vulnerabilities/exploits/22534.html

Wordpress Templates.PHP Cross-Site Scripting Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Wordpress Templates.PHP Cross-Site Scripting Vulnerability

References: