Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/11268 | Exploit Patch |
http://secunia.com/advisories/12683 | Exploit Vendor Advisory |
http://securitytracker.com/id?1011440 | |
http://marc.info/?l=bugtraq&m=109641484723194&w=2 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17532 |
Configurations
Information
Published : 2004-12-30 21:00
Updated : 2017-07-10 18:31
NVD link : CVE-2004-1559
Mitre link : CVE-2004-1559
JSON object : View
CWE
Products Affected
wordpress
- wordpress