CVE-2007-1622

medium

Description

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

References

http://www.vupen.com/english/advisories/2007/1005

http://www.securityfocus.com/bid/23027

http://www.debian.org/security/2007/dsa-1285

http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006

http://secunia.com/advisories/25108

http://secunia.com/advisories/24567

Details

Source: Mitre, NVD

Published: 2007-03-23

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium