wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2007-09-14 11:17
Updated : 2017-07-28 18:33
NVD link : CVE-2007-4893
Mitre link : CVE-2007-4893
JSON object : View
CWE
CWE-352
Cross-Site Request Forgery (CSRF)
Products Affected
wordpress
- wordpress