Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
| Max Base Score | 4.3 |
| Published | 2008-11-28 |
| Updated | 2017-08-08 |
| EPSS | 51.22% |
Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN development versions only, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| Max Base Score | 4.3 |
| Published | 2008-07-18 |
| Updated | 2008-09-05 |
| EPSS | 0.20% |
Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| Max Base Score | 4.3 |
| Published | 2008-05-02 |
| Updated | 2017-08-08 |
| EPSS | 0.19% |
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) inviteemail parameter in an invite action to wp-admin/users.php and the (2) to parameter in a sent action to wp-admin/invites.php.
| Max Base Score | 4.3 |
| Published | 2008-03-12 |
| Updated | 2018-10-11 |
| EPSS | 0.44% |
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.
| Max Base Score | 4.3 |
| Published | 2008-01-10 |
| Updated | 2018-10-15 |
| EPSS | 0.65% |
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
| Max Base Score | 4.3 |
| Published | 2008-01-10 |
| Updated | 2018-10-15 |
| EPSS | 0.64% |
6 vulnerabilities found