Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Wordpress | Wordpress | * | 2.0.5 (including) |
| Wordpress | Wordpress | 0.6.2-beta_2 (including) | 0.6.2-beta_2 (including) |
| Wordpress | Wordpress | 0.6.2.1-beta_2 (including) | 0.6.2.1-beta_2 (including) |
| Wordpress | Wordpress | 0.7 (including) | 0.7 (including) |
| Wordpress | Wordpress | 0.71 (including) | 0.71 (including) |
| Wordpress | Wordpress | 1.2 (including) | 1.2 (including) |
| Wordpress | Wordpress | 1.2.1 (including) | 1.2.1 (including) |
| Wordpress | Wordpress | 1.2.2 (including) | 1.2.2 (including) |
| Wordpress | Wordpress | 1.5 (including) | 1.5 (including) |
| Wordpress | Wordpress | 1.5.1 (including) | 1.5.1 (including) |
| Wordpress | Wordpress | 1.5.1.2 (including) | 1.5.1.2 (including) |
| Wordpress | Wordpress | 1.5.1.3 (including) | 1.5.1.3 (including) |
| Wordpress | Wordpress | 1.5.2 (including) | 1.5.2 (including) |
| Wordpress | Wordpress | 2.0 (including) | 2.0 (including) |
| Wordpress | Wordpress | 2.0.1 (including) | 2.0.1 (including) |
| Wordpress | Wordpress | 2.0.2 (including) | 2.0.2 (including) |
| Wordpress | Wordpress | 2.0.3 (including) | 2.0.3 (including) |
| Wordpress | Wordpress | 2.0.4 (including) | 2.0.4 (including) |
| Wordpress | Ubuntu | dapper | * |
| Wordpress | Ubuntu | edgy | * |