Description

** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability.

Remediation

References

CVE-2006-0733

Related Vulnerabilities

WordPress Plugin PitchPrint Arbitrary File Upload (7.1.1)

WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46146)

Python Uncontrolled Search Path Element Vulnerability (CVE-2017-20052)

IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)

Severity

Low

Classification

CVE-2006-0733

Tags

Missing Update Known Vulnerabilities