Description

Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.

Remediation

References

CVE-2006-0985

Related Vulnerabilities

Atlassian Confluence Uncontrolled Search Path Element Vulnerability (CVE-2021-43940)

WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability (0.6.2 - 2.0.5)

MySQL CVE-2022-21321 Vulnerability (CVE-2022-21321)

Django Incorrect Default Permissions Vulnerability (CVE-2020-24583)

Nginx Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-9511)

Severity

Medium

Classification

CVE-2006-0985

Tags

Missing Update Known Vulnerabilities