Description
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative session.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2006-3705 Vulnerability (CVE-2006-3705)
WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)
WebLogic CVE-2016-3510 Vulnerability (CVE-2016-3510)
Python NULL Pointer Dereference Vulnerability (CVE-2019-5010)
Squid Improper Input Validation Vulnerability (CVE-2012-5643)