Description
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
References
Related Vulnerabilities
PHP Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2023-0567)
Joomla Other Vulnerability (CVE-2006-1028)
WordPress Plugin Active Directory Integration SQL Injection (1.1.8)
MySQL CVE-2014-6484 Vulnerability (CVE-2014-6484)
Oracle Database Server CVE-2014-4292 Vulnerability (CVE-2014-4292)