Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.
| Max Base Score | 6.8 |
| Published | 2006-12-28 |
| Updated | 2017-07-29 |
| EPSS | 2.89% |
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
| Max Base Score | 6.8 |
| Published | 2006-04-17 |
| Updated | 2008-09-05 |
| EPSS | 0.30% |
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
| Max Base Score | 4.3 |
| Published | 2006-03-19 |
| Updated | 2008-09-05 |
| EPSS | 0.14% |
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
| Max Base Score | 4.3 |
| Published | 2006-03-03 |
| Updated | 2018-10-18 |
| EPSS | 0.72% |
** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.
| Max Base Score | 2.6 |
| Published | 2006-02-16 |
| Updated | 2018-10-19 |
| EPSS | 0.37% |
5 vulnerabilities found