Description

** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.

Remediation

References

CVE-2006-0733

Related Vulnerabilities

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0060)

WordPress Plugin Autoptimize Multiple Vulnerabilities (2.7.6)

XWiki Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-48240)

Python Improper Input Validation Vulnerability (CVE-2023-24329)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4475)

Severity

Low

Classification

CVE-2006-0733

Tags

Missing Update Known Vulnerabilities