WordPress MU Cross-Site Scripting Vulnerability - Apr09 Network Vulnerability

Summary

The host is running WordPress MU and is prone to Cross-Site Scripting Vulnerability.

Impact

Successful exploitation will let the attacker execute malicious crafted HTTP headers and conduct cross site scripting attacks to gain administrative privileges into the affected web application. Impact Level: Application

Solution

Update to Version 2.7 http://mu.wordpress.org/download

Insight

The vulnerability is due to improper validation of user supplied input in 'wp-includes/wpmu-functions.php' for choose_primary_blog function.

Affected

WordPress MU before 2.7 on all running platform.

References

http://securitytracker.com/alerts/2009/Mar/1021838.html
http://xforce.iss.net/xforce/xfdb/49184

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-1030

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

AjaXplorer 'doc_file' Parameter Local File Disclosure Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities