Page 66 of 345 results (0.006 seconds)

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en wp-register.php en WordPress 2.0 y 2.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro user_email. • https://www.exploit-db.com/exploits/30602 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp http://securityreason.com/securityalert/3175 http://www.securityfocus.com/archive/1/480327/100/0/threaded http://www.securityfocus.com/bid/25769 https://exchange.xforce.ibmcloud.com/vulnerabilities/36742 https://exchange.xforce.ibmcloud.com/vulnerabilities/36743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://secunia.com/advisories/19050 http://www.securityfocus.com/archive/1/426304/100/0/threaded http://www.securityfocus.com/archive/1/426504/100/0/threaded http://www.securityfocus.com/archive/1/426574/100/0/threaded http://www.vupen.com/english/advisories/2006/0777 https://exchange.xforce.ibmcloud.com/vulnerabilities/24957 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 1

WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure. • http://NeoSecurityTeam.net/advisories/Advisory-17.txt http://secunia.com/advisories/19050 http://www.securityfocus.com/archive/1/426304/100/0/threaded http://www.securityfocus.com/archive/1/426504/100/0/threaded http://www.securityfocus.com/archive/1/426574/100/0/threaded http://www.vupen.com/english/advisories/2006/0777 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 2.6EPSS: 0%CPEs: 1EXPL: 3

Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability • https://www.exploit-db.com/exploits/27227 http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html http://www.securityfocus.com/archive/1/425043/100/0/threaded http://www.securityfocus.com/bid/16656 https://exchange.xforce.ibmcloud.com/vulnerabilities/24736 •

CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']). • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909 http://trac.wordpress.org/ticket/1686 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •