Summary
The host is running WordPress MU and is prone to Cross-Site Scripting Vulnerability.
Impact
Successful exploitation will let the attacker execute malicious crafted HTTP headers and conduct cross site scripting attacks to gain administrative privileges into the affected web application.
Impact Level: Application
Solution
Update to Version 2.7
http://mu.wordpress.org/download
Insight
The vulnerability is due to improper validation of user supplied input in 'wp-includes/wpmu-functions.php' for choose_primary_blog function.
Affected
WordPress MU before 2.7 on all running platform.
References
Severity
Classification
-
CVE CVE-2009-1030 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
- Apache Open For Business HTML injection vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability