CVE-2004-1559
Published 2004-12-31
Priority: P4 · 19 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 6.46% (92.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wordpress | < wordpress 1.2.2-1.1 (bookworm) | wordpress 1.2.2-1.1 (bookworm) |
| wordpress | wordpress | — | — |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
| wordpress | wordpress | >= 0 < 1.2.2-1.1 | 1.2.2-1.1 |
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
osv · 4.3 · MEDIUM
vendor_debian · 4.3 · MEDIUM
Debian
CVE-2004-1559: wordpress - Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remot...
vendor_debian·2004·CVSS 4.3
Scope: local
bookworm: resolved (fixed in 1.2.2-1.1)
bullseye: resolved (fixed in 1.2.2-1.1)
forky: resolved (fixed in 1.2.2-1.1)
sid: resolved (fixed in 1.2.2-1.1)
trixie: resolved (fixed in 1.2.2-1.1)
GHSA
GHSA-w42r-hrg2-j8mr: Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1
ghsa_unreviewed·2022-04-29
OSV
CVE-2004-1559: Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1
osv·2004-12-31·CVSS 4.3
No detection rules found.
Exploit-DB
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-09-28
---
source: https://www.securityfocus.com/bid/11268/info
It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
Wordpress 1.2 is reported vulnerable; however, other versions may be affected as well.
/bookmarklet.php?popuptitle=[XSS]
/bookmarklet.php?popupurl=[XSS]
/bookmarklet.php?content=[XSS]
/bookmarklet.php?post_title=[XSS]
Exploit-DB
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
exploitdb·2004-09-28
/admin-header.php?redirect=1&redirect_url=%22;alert(document.cookie)//
Exploit-DB
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
exploitdb·2004-09-28
/edit.php?s=[XSS]
Exploit-DB
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
exploitdb·2004-09-28
/categories.php?action=edit&cat_ID=[XSS]
Exploit-DB
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-09-28
/edit-comments.php?s=[XSS]
/edit-comments.php?mode=[XSS]
Exploit-DB
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2004-09-28
/wp-login.php?redirect_to=[XSS]
/wp-login.php?mode=bookmarklet&text=[XSS]
/wp-login.php?mode=bookmarklet&popupurl=[XSS]
/wp-login.php?mode=bookmarklet&popuptitle=[XSS]
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=109641484723194&w=2
http://secunia.com/advisories/12683
http://securitytracker.com/id?1011440
http://www.securityfocus.com/bid/11268
https://exchange.xforce.ibmcloud.com/vulnerabilities/17532
Published: 2004-12-31