Description

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

Remediation

References

CVE-2010-5294

Related Vulnerabilities

Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2729)

WordPress Plugin Profiles 'bio-img.php' SQL Injection (2.0RC1)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7890)

MySQL CVE-2021-35607 Vulnerability (CVE-2021-35607)

Internet Information Services Other Vulnerability (CVE-1999-0448)

Severity

Medium

Classification

CVE-2010-5294 CWE-707

Tags

Missing Update Known Vulnerabilities