Description

Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.

Remediation

References

CVE-2006-6808

Related Vulnerabilities

Zope Web Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5489)

WordPress Plugin Contact Form DB Cross-Site Scripting (2.10.29)

GlassFish CVE-2017-3249 Vulnerability (CVE-2017-3249)

MediaWiki Improper Access Control Vulnerability (CVE-2016-6336)

Joomla! Core 3.0.x Security Bypass (3.0.0 - 3.0.3)

Severity

Medium

Classification

CVE-2006-6808

Tags

Missing Update Known Vulnerabilities