Page 47 of 277 results (0.007 seconds)

CVSS: 7.2EPSS: 1%CPEs: 1EXPL: 6

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en WordPress 2.0.9 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro popuptitle de (1) wp-admin/post.php o (2) wp-admin/page-new.php. • https://www.exploit-db.com/exploits/30978 https://www.exploit-db.com/exploits/30977 http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html http://securityreason.com/securityalert/3539 http://securityvulns.ru/Sdocument714.html http://websecurity.com.ua/1658 http://www.securityfocus.com/archive/1/485786/100/0/threaded http://www.securityfocus.com/bid/27123 https://exchange.xforce.ibmcloud.com/vulnerabilities/39426 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 1%CPEs: 14EXPL: 2

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-admin/vars.php en WordPress anterior a 2.0.10 RC2, y anterior a 2.1.3 RC2 en las series 2.1, permite a usuarios remotos validados con privlegios de tema inyectar secuencias de comandos web o HTML a través de PATH_INFO en la interfaz de administrador, relacionado con el proceso regular el flujo de la expresión de PHP_SELF. • https://www.exploit-db.com/exploits/29754 http://secunia.com/advisories/24567 http://secunia.com/advisories/25108 http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006 http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt http://www.debian.org/security/2007/dsa-1285 http://www.securityfocus.com/bid/23027 http://www.vupen.com/english/advisories/2007/1005 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 10EXPL: 0

WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. WordPress permite a atacantes remotos obtener información sensible mediante una petición directa al wp-admin/admin-functions.php, que muestra la ruta (path) en un mensaje de error. • http://secunia.com/advisories/24566 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://www.securityfocus.com/archive/1/462230/100/0/threaded http://www.securityfocus.com/archive/1/462249/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/32881 •

CVSS: 6.8EPSS: 5%CPEs: 1EXPL: 2

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el AdminPanel en WordPress 2.1.1 y anteriores permite a atacantes remotos realizar acciones privilegiadas como administradores, como se demostró con el uso de una acción de borrado en wp-admin/post.php. NOTA: este asunto podría estar apalancado en los ataques de secuencias de comandos en sitios cruzados (XSS) y robar cookies a través del parámetro post. • https://www.exploit-db.com/exploits/29682 http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0583.html http://osvdb.org/33787 http://osvdb.org/33788 http://secunia.com/advisories/24566 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://www.securityfocus.com/archive/1/461351/100/0/threaded http://www.securityfocus.com/bid/22735 https://exchange.xforce.ibmcloud.com/vulnerabilities/32703 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 1%CPEs: 23EXPL: 2

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función wp_explain_nonce de la funcionalidad nonce AYS (wp-includes/functions.php) para WordPress 2.0 anterior a 2.0.9 y 2.1 anterior a 2.1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el parámetro file a wp-admin/templates.php, y posiblemente otros vectores que implican la variable action. • https://www.exploit-db.com/exploits/29598 http://downloads.securityfocus.com/vulnerabilities/exploits/22534.html http://osvdb.org/33766 http://secunia.com/advisories/24306 http://secunia.com/advisories/24566 http://trac.wordpress.org/changeset/4876 http://trac.wordpress.org/changeset/4877 http://trac.wordpress.org/ticket/3781 http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml http://www.securityfocus.com/bid/22534 http://www.vupen.com/english/advisories/2007/0741 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •