CVE-2007-2757
published 2007-05-18
CVE-2007-2757: Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1)…
Priority P426 · medium · 6.8 · CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.90% (91.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dean_j_robinson | redoable | — | — |
| debian | wordpress | — | — |
| wordpress | blix | — | — |
| wordpress | blixed | — | — |
| wordpress | blixkrieg | — | — |
| wordpress | unamed_theme | — | — |
| wordpress | unamed_theme_se | — | — |
| xuyiyang | blue_memories_theme | — | — |
CVSS provenance
nvd · v2.0 · 6.8 · MEDIUM · AV:N/AC:M/Au:N/C:P/I:P/A:P
vendor_debian · 6.8 · LOW
GHSA
GHSA-jhx6-4qw4-hqm9: Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1
ghsa_unreviewed·2022-05-01
CVE-2007-2757 [MEDIUM] GHSA-jhx6-4qw4-hqm9: Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1
Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) wp-content/themes/redoable/searchloop.php or (2) wp-content/themes/redoable/header.php.
GHSA
GHSA-q28h-4mqg-5p49: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-4165 [MEDIUM] CWE-79 GHSA-q28h-4mqg-5p49: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
GHSA
GHSA-9wjm-59qc-x6qf: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-4166 [MEDIUM] GHSA-9wjm-59qc-x6qf: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
GHSA
GHSA-r6f5-7qgq-p53v: Cross-site scripting (XSS) vulnerability in a certain index
ghsa_unreviewed·2022-05-01·CVSS 6.8
CVE-2007-4014 [MEDIUM] GHSA-r6f5-7qgq-p53v: Cross-site scripting (XSS) vulnerability in a certain index
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Debian
CVE-2007-4165: wordpress - Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme...
vendor_debian·2007·CVSS 6.8
CVE-2007-4165 [MEDIUM] CVE-2007-4165: wordpress - Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme...
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No writeups or analysis indexed.
References
http://osvdb.org/37040
http://osvdb.org/37041
http://redlevel.org/wp-content/uploads/redoable.txt
http://secunia.com/advisories/25310
http://securityreason.com/securityalert/2721
http://www.securityfocus.com/archive/1/468892/100/0/threaded
http://www.securityfocus.com/bid/24037
https://exchange.xforce.ibmcloud.com/vulnerabilities/34363
2007-05-18
Published