Summary
The host is running WordPress and is prone to Cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is being viewed.
Impact Level: Application
Solution
Upgrade to WordPress version 3.0.4 or later
For updates refer to http://wordpress.org/download/
Insight
The flaw is caused by input validation errors in the 'KSES HTML/XHTML' filter (wp-includes/kses.php) when processing user-supplied data, which could be exploited by attackers to execute arbitrary script code on the user's browser session in the security context of an affected site.
Affected
WordPress versions prior to 3.0.4
References
Severity
Classification
-
CVE CVE-2010-4536 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities