Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER[REQUEST_URI]).
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | * | 2.0 (including) |
| Wordpress | Wordpress | 0.6.2-beta_2 (including) | 0.6.2-beta_2 (including) |
| Wordpress | Wordpress | 0.6.2.1-beta_2 (including) | 0.6.2.1-beta_2 (including) |
| Wordpress | Wordpress | 0.7 (including) | 0.7 (including) |
| Wordpress | Wordpress | 0.71 (including) | 0.71 (including) |
| Wordpress | Wordpress | 1.0 (including) | 1.0 (including) |
| Wordpress | Wordpress | 1.0.1 (including) | 1.0.1 (including) |
| Wordpress | Wordpress | 1.0.2 (including) | 1.0.2 (including) |
| Wordpress | Wordpress | 1.2 (including) | 1.2 (including) |
| Wordpress | Wordpress | 1.2.1 (including) | 1.2.1 (including) |
| Wordpress | Wordpress | 1.2.2 (including) | 1.2.2 (including) |
| Wordpress | Wordpress | 1.5 (including) | 1.5 (including) |
| Wordpress | Wordpress | 1.5.1 (including) | 1.5.1 (including) |
| Wordpress | Wordpress | 1.5.1.2 (including) | 1.5.1.2 (including) |
| Wordpress | Wordpress | 1.5.1.3 (including) | 1.5.1.3 (including) |
| Wordpress | Wordpress | 1.5.2 (including) | 1.5.2 (including) |
| Wordpress | Wordpress | 2.0 (including) | 2.0 (including) |