CVE-2007-3238 in WordPressinfo

Summary

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/14/2007

Disclosure

06/14/2007

Moderation

VulDB entry created

Entries

VDB-3104 (1)

CPE

ready

CWE

CWE-79 (Unconfirmed)

CVSS

6.3

EPSS

0.01473

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2007-3238
NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3238
CVE Details	https://www.cvedetails.com/cve/CVE-2007-3238/

◂ Previous Overview Next ▸

Want to know what is going to be exploited?

We predict KEV entries!