CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2007-4481 – Blix 0.9.1 and Blix 0.9.1 Rus - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4481
Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix 0.9.1 and (2) Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en index.php de los temas (1) Blix 0.9.1 y (2) Blix 0.9.1 Rus para WordPress permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante el PATH_INFO (PHP_SELF). • http://securityvulns.ru/Rdocument825.html http://websecurity.com.ua/1248 http://www.securityfocus.com/archive/1/477253/100/0/threaded • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2007-4014 – Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-4014
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en un cierto index.php en una secuencia de comandos de instalación relacionado con los temas (1) Blix 0.9.1, (2) Blixed 1.0, y (3) BlixKrieg (Blix Krieg) 2.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos secuencias de comandos web o HMTL a través del parámetro s, posiblemente relacionado con un asunto relacionado con CVE-2007-2757. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. The Blix <= 0.9.1, Blixed <= 1.0, BlixKrieg <= 2.2 themes for WordPress are vulnerable to Reflected Cross-Site Scripting via the 's' parameter due to insufficient input sanitization and output escaping. • http://secunia.com/advisories/26109 http://secunia.com/advisories/26115 http://secunia.com/advisories/26116 http://www.osvdb.org/37056 http://www.osvdb.org/37057 http://www.securityfocus.com/bid/24954 https://exchange.xforce.ibmcloud.com/vulnerabilities/35472 https://exchange.xforce.ibmcloud.com/vulnerabilities/35473 https://exchange.xforce.ibmcloud.com/vulnerabilities/35474 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •