Description

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

Remediation

References

CVE-2007-1230

Related Vulnerabilities

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8152)

Oracle Database Server CVE-2006-5337 Vulnerability (CVE-2006-5337)

Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5333)

WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-21371)

WordPress Plugin Testimonial Slider SQL Injection (1.2.4)

Severity

Medium

Classification

CVE-2007-1230

Tags

Missing Update Known Vulnerabilities