WordPress MU Cross-Site Scripting Vulnerability - Apr09 Network Vulnerability

Summary

The host is running WordPress MU and is prone to Cross-Site Scripting Vulnerability.

Impact

Successful exploitation will let the attacker execute malicious crafted HTTP headers and conduct cross site scripting attacks to gain administrative privileges into the affected web application. Impact Level: Application

Solution

Update to Version 2.7 http://mu.wordpress.org/download

Insight

The vulnerability is due to improper validation of user supplied input in 'wp-includes/wpmu-functions.php' for choose_primary_blog function.

Affected

WordPress MU before 2.7 on all running platform.

References

http://securitytracker.com/alerts/2009/Mar/1021838.html
http://xforce.iss.net/xforce/xfdb/49184

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1030
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Tomcat NIO Connector Denial of Service Vulnerability
Apache Tomcat Directory Listing and File disclosure
Apache ActiveMQ Multiple Vulnerabilities
2532|Gigs Directory Traversal And SQL Injection Multiple Vulnerabilities
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities