PublicDate: 2007-03-28
Candidate: CVE-2007-1732
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1732
Description:
** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in
wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated
administrators to inject arbitrary web script or HTML via the demo
parameter. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information. NOTE: another
researcher disputes this issue, stating that this is legitimate
functionality for administrators. However, it has been patched by at least
one vendor.
Ubuntu-Description:
Notes:
fujitsu> Administrators can post HTML. Terrible.
mdeslaur> disputed. Let's ignore
Bugs:
Priority: negligible
dapper_wordpress: ignored (reached end-of-life)
edgy_wordpress: needs-triage (reached end-of-life)
feisty_wordpress: needs-triage (reached end-of-life)
gutsy_wordpress: needs-triage (reached end-of-life)
hardy_wordpress: ignored
intrepid_wordpress: ignored
jaunty_wordpress: ignored
karmic_wordpress: ignored
devel_wordpress: ignored
upstream_wordpress: ignored