CVE-2007-4153 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations since the Administrator role has the unfiltered_html capability.

Reference

http://codex.wordpress.org/Roles_and_Capabilities http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/ http://osvdb.org/46994 http://osvdb.org/46995 http://secunia.com/advisories/30013 http://www.debian.org/security/2008/dsa-1564 https://exchange.xforce.ibmcloud.com/vulnerabilities/35720 https://exchange.xforce.ibmcloud.com/vulnerabilities/35722 Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations since the Administrator role has the unfiltered_html capability.

Share on: