Description

** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.

Remediation

References

CVE-2006-0733

Related Vulnerabilities

Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-39206)

PHP Other Vulnerability (CVE-2005-3883)

SharePoint Resource Management Errors Vulnerability (CVE-2008-3006)

WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)

WordPress Plugin WP SVG Icons Multiple Unspecified Vulnerabilities (3.1.8.1)

Severity

Low

Classification

CVE-2006-0733

Tags

Missing Update Known Vulnerabilities