CVE

Id
28250  
CVE No.
CVE-2007-4893  
Status
Candidate  
Description
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.  
Phase
Assigned (20070914)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
293048 28250 CVE-2007-4893 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=285831  View
293049 28250 CVE-2007-4893 CONFIRM:http://trac.wordpress.org/ticket/4720  View
293050 28250 CVE-2007-4893 CONFIRM:http://wordpress.org/development/2007/09/wordpress-223/  View
293051 28250 CVE-2007-4893 FEDORA:FEDORA-2007-2143  View
293052 28250 CVE-2007-4893 URL:http://fedoranews.org/updates/FEDORA-2007-214.shtml  View
293053 28250 CVE-2007-4893 BID:25639  View
293054 28250 CVE-2007-4893 URL:http://www.securityfocus.com/bid/25639  View
293055 28250 CVE-2007-4893 VUPEN:ADV-2007-3132  View
293056 28250 CVE-2007-4893 URL:http://www.vupen.com/english/advisories/2007/3132  View
293057 28250 CVE-2007-4893 SECUNIA:26771  View
293058 28250 CVE-2007-4893 URL:http://secunia.com/advisories/26771  View
293059 28250 CVE-2007-4893 SECUNIA:26796  View
293060 28250 CVE-2007-4893 URL:http://secunia.com/advisories/26796  View
293061 28250 CVE-2007-4893 XF:wordpress-wordpressmu-unfilteredhtml-xss(36576)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
57407 JVNDB-2007-006099 Semarang 3 の dwoprn.php におけるディレクトリトラバーサルの脆弱性 Sisfo Kampus 2006 (Semarang 3) の dwoprn.php には、ディレクトリトラバーサルの脆弱性が存在します。 CVE-2007-4895 28250 5 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-006099.html  View