cbcvebase.
CVE-2004-1559
published 2004-12-31

Priority: P4, 19, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.46% (92.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 1.2.2-1.1 (bookworm) | wordpress 1.2.2-1.1 (bookworm) |
| wordpress | wordpress | | |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |

CVSS provenance

nvd: v2.0, 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
osv: 4.3 MEDIUM
vendor_debian: 4.3 MEDIUM