Description

Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.

Remediation

References

CVE-2010-5294

Related Vulnerabilities

WordPress Plugin WP Symposium A Social Network For WordPress Multiple Cross-Site Scripting Vulnerabilities (12.07.07)

Joomla! Core 1.0.x Multiple Vulnerabilities (1.0.0 - 1.0.3)

Jetty CVE-2023-26049 Vulnerability (CVE-2023-26049)

Atlassian Jira CVE-2019-20404 Vulnerability (CVE-2019-20404)

WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities (0.6.2 - 2.1.3)

Severity

Medium

Classification

CVE-2010-5294 CWE-707

Tags

Missing Update Known Vulnerabilities