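Vulnerability Details
Multiple Cross-Site Scripting Vulnerabilities in WordPress
Vulnerability Summary
WordPress 1.2 contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML via various parameters, including (1) the redirect_to, text, popupurl, or popuptitle parameters of wp-login.php, (2) the redirect_url parameter of admin-header.php, (3) the popuptitle, popupurl, content, or post_title parameters of bookmarklet.php, (4) the cat_ID parameter of categories.php, (5) the s parameter of edit.php, or (6) the s or mode parameters of edit-comments.php.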
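For triage on a host that ran the affected version, the script and parameter pairs listed above can be turned into an access-log check. The following is an added example, not code from WordPress or from the advisory; the markup heuristic, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> query parameters, exactly as listed in the advisory summary.
AFFECTED = {
    "wp-login.php": {"redirect_to", "text", "popupurl", "popuptitle"},
    "admin-header.php": {"redirect_url"},
    "bookmarklet.php": {"popuptitle", "popupurl", "content", "post_title"},
    "categories.php": {"cat_ID"},
    "edit.php": {"s"},
    "edit-comments.php": {"s", "mode"},
}

# Assumed heuristic: markup characters or a javascript: scheme in a value.
MARKUP = re.compile(r'[<>"]|javascript:', re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return sorted (script, param) pairs whose decoded value carries markup."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]          # match on the file name only
    watched = AFFECTED.get(script, set())
    hits = set()
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl decodes once; unquote again to catch double encoding.
        if name in watched and MARKUP.search(unquote(value)):
            hits.add((script, name))
    return sorted(hits)

def scan(lines):
    """Return {line_number: hits} for every line with at least one hit."""
    return {n: h for n, line in enumerate(lines, 1) if (h := flag_request(line))}

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Sep/2004:10:00:00 +0000] "GET /wp-admin/edit.php?s=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [27/Sep/2004:10:00:02 +0000] "GET /wp-login.php?redirect_to=wp-admin%2Fpost.php HTTP/1.1" 200 734',
    '198.51.100.7 - - [27/Sep/2004:10:01:10 +0000] "GET /wp-admin/categories.php?action=edit&cat_ID=%22%3E%3Cb%3E HTTP/1.1" 200 901',
    '198.51.100.7 - - [27/Sep/2004:10:01:12 +0000] "GET /index.php?s=%3Cb%3E HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(n, hits)
```

Access logs record only the query string, so values submitted in a POST body to these scripts are not visible to this check.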
Vulnerability Advisory
The vendor has released WordPress version 1.2.1 to address these issues. Update: It is reported that version 1.2.1 did not completely fix these issues. It is reported that version 1.2.2 has been released, and that it fixes all issues described in this BID.
WordPress WordPress 1.2
- WordPress WordPress Latest Release Download http://wordpress.org/latest.tar.gz
References
- Source: XF; Name: wordpress-multiple-scripts-xss(17532); Link: http://xforce.iss.net/xforce/xfdb/17532
- Source: BID; Name: 11268; Link: http://www.securityfocus.com/bid/11268
- Source: SECUNIA; Name: 12683; Link: http://secunia.com/advisories/12683
- Source: BUGTRAQ; Name: 20040927 Multiple XSS Vulnerabilities in Wordpress 1.2; Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109641484723194&w=2
- Source: SECTRACK; Name: 1011440; Link: http://securitytracker.com/id?1011440
Affected Entities
- Wordpress Wordpress:1.2
Patch
None available