Summary
The host is running WordPress MU, which is prone to multiple XSS vulnerabilities.
Impact
A successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site, allowing attackers to steal cookie-based authentication credentials.
Impact Level: Application
Solution
Update to Version 2.6 or later.
http://wordpress.org/
Insight
The flaws are due to the 's' and 'ip_address' parameters in wp-admin/wp-blogs.php, which are not properly sanitized before being returned to the user.
Affected
WordPress MU before 2.6 on all platforms.
References
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2008-4671
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- 7Media Web Solutions EduTrac Directory Traversal Vulnerability
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- /doc directory browsable ?