Description

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wp_title function.

Remediation

References

CVE-2007-1894

Related Vulnerabilities

Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924)

MySQL CVE-2012-0489 Vulnerability (CVE-2012-0489)

Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)

WebLogic CVE-2024-20927 Vulnerability (CVE-2024-20927)

MySQL CVE-2015-0505 Vulnerability (CVE-2015-0505)

Severity

Medium

Classification

CVE-2007-1894

Tags

Missing Update Known Vulnerabilities