Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1559: Cross-site Scripting in Wordpress

10 documents, 5 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 1.3% (top 20.00%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline
Published: Dec 31
Latest update: Apr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/wordpress < wordpress 1.2.2-1.1 (bookworm)
Debian: wordpress/wordpress < 1.2.2-1.1+3

Patches

🔴 Vulnerability Details (2)

GHSA (2022-04-29): GHSA-w42r-hrg2-j8mr: Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1
OSV (2004-12-31): CVE-2004-1559: Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1

💥 Exploits & PoCs (6)

Exploit-DB (2004-09-28): WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
Exploit-DB (2004-09-28): WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
Exploit-DB (2004-09-28): WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
Exploit-DB (2004-09-28): WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
Exploit-DB (2004-09-28): WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

📋 Vendor Advisories (1)

Debian (2004): CVE-2004-1559: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remot...