WordPress MU Multiple XSS Vulnerabilities - Oct08 Network Vulnerability

Summary

The host is running WordPress MU, which is prone to Multiple XSS Vulnerabilities.

Impact

Successful attack could lead to execution of arbitrary HTML and script code in the context of an affected site and attackers can steal cookie-based authentication credentials. Impact Level: Application

Solution

Update to Version 2.6 or later. http://wordpress.org/

Insight

The flaws are due to the 's' and 'ip_address' parameters in wp-admin/wp-blogs.php which is not properly sanitized before being returned to the user.

Affected

WordPress MU before 2.6 on all running platform.

References

http://secunia.com/advisories/32060

Updated on 2017-03-28

Severity

Classification

CVE CVE-2008-4671
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
7Media Web Solutions EduTrac Directory Traversal Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
/doc directory browsable ?

Take action and discover your vulnerabilities