Description

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.

Remediation

References

CVE-2008-0192

Related Vulnerabilities

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

WordPress Plugin Shopping Cart & eCommerce Store Arbitrary File Upload (3.0.8)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

WordPress Plugin Banner Cycler Cross-Site Request Forgery (1.4)

Severity

Medium

Classification

CVE-2008-0192 CWE-707

Tags

Missing Update Known Vulnerabilities