WordPress PHP_Self Cross-Site Scripting Vulnerability
BID:23027
Info
WordPress PHP_Self Cross-Site Scripting Vulnerability
| Bugtraq ID: | 23027 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1622 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2007 12:00AM |
| Updated: | Aug 21 2007 10:53PM |
| Credit: | Alexander Concha and Jungsonn are credited with the discovery of this vulnerability. |
| Vulnerable: |
WordPress WordPress 2.1.2 WordPress WordPress 2.1.1 WordPress WordPress 2.0.10 WordPress WordPress 2.0.7 WordPress WordPress 2.0.6 WordPress WordPress 2.0.5 WordPress WordPress 2.0.4 WordPress WordPress 2.0.3 WordPress WordPress 2.0.2 WordPress WordPress 2.0.1 WordPress WordPress 2.0 WordPress WordPress 2.2 Revision 5003 WordPress WordPress 2.2 Revision 5002 WordPress WordPress 2.1.3-RC1 WordPress WordPress 2.1 WordPress WordPress 2.0.10-RC1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
WordPress WordPress 2.1.3-RC2 WordPress WordPress 2.0.10-RC2 |
Discussion
WordPress PHP_Self Cross-Site Scripting Vulnerability
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Exploit / POC
WordPress PHP_Self Cross-Site Scripting Vulnerability
An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Sample exploit code has been provided:
An attacker may exploit this issue by enticing an unsuspecting user to follow a malicious URI.
Sample exploit code has been provided:
Solution / Fix
WordPress PHP_Self Cross-Site Scripting Vulnerability
Solution:
The vendor has addressed this issue in a recent patch. The fix will be included in version 2.1.2. Please see the referenced vendor ticket for information on how to obtain and apply the patch.
Solution:
The vendor has addressed this issue in a recent patch. The fix will be included in version 2.1.2. Please see the referenced vendor ticket for information on how to obtain and apply the patch.
References
WordPress PHP_Self Cross-Site Scripting Vulnerability
References:
References:
- WordPress Homepage (WordPress)
- WordPress PHP_SELF Variable Handling XSS Vulnerability (Alexander Concha)
- Vulnerabilities digest (3APA3A)
- Wordpress All versions XSS ([email protected])