Web application abuses : WordPress MU Multiple XSS Vulnerabilities (Oct 2008)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800125

Categoría: Web application abuses

Título: WordPress MU Multiple XSS Vulnerabilities (Oct 2008)

Resumen: WordPress MU is prone to multiple cross-site scripting (XSS); vulnerabilities.

Descripción: Summary:
WordPress MU is prone to multiple cross-site scripting (XSS)
vulnerabilities.

Vulnerability Insight:
The flaws are due to the 's' and 'ip_address' parameters in
wp-admin/wp-blogs.php which is not properly sanitized before being returned to the user.

Vulnerability Impact:
Successful attack could lead to execution of arbitrary HTML and
script code in the context of an affected site and attackers can steal cookie-based authentication credentials.

Affected Software/OS:
WordPress MU before 2.6 on all running platform.

Solution:
Update to Version 2.6 or later.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-4671
BugTraq ID: 31482
http://www.securityfocus.com/bid/31482
http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html
http://secunia.com/advisories/32060
XForce ISS Database: wordpressmu-wpblogs-xss(45512)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45512

Copyright Copyright (C) 2008 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800125
Categoría:	Web application abuses
Título:	WordPress MU Multiple XSS Vulnerabilities (Oct 2008)
Resumen:	WordPress MU is prone to multiple cross-site scripting (XSS); vulnerabilities.
Descripción:	Summary: WordPress MU is prone to multiple cross-site scripting (XSS) vulnerabilities. Vulnerability Insight: The flaws are due to the 's' and 'ip_address' parameters in wp-admin/wp-blogs.php which is not properly sanitized before being returned to the user. Vulnerability Impact: Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Affected Software/OS: WordPress MU before 2.6 on all running platform. Solution: Update to Version 2.6 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4671 BugTraq ID: 31482 http://www.securityfocus.com/bid/31482 http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064748.html http://secunia.com/advisories/32060 XForce ISS Database: wordpressmu-wpblogs-xss(45512) https://exchange.xforce.ibmcloud.com/vulnerabilities/45512
Copyright	Copyright (C) 2008 Greenbone AG