CVE Vulnerabilities

CVE-2007-0106

Published: Jan 09, 2007 | Modified: Oct 16, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

Affected Software

Name Vendor Start Version End Version
Wordpress Wordpress 2.0 2.0
Wordpress Wordpress 2.0.2 2.0.2
Wordpress Wordpress 2.0.1 2.0.1
Wordpress Wordpress 2.0.4 2.0.4
Wordpress Wordpress 2.0.5 2.0.5
Wordpress Wordpress 2.0.3 2.0.3

References