CVE-2007-4165 — Cross-site Scripting in Wordpress Unamed Theme

CWE-79 — Cross-site Scripting5 documents3 sources

Severity

5.0MEDIUMNVD

NVD4.3

EPSS

1.3%

top 20.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Unamed Theme Wordpress Unamed Theme SE Xuyiyang Blue Memories Theme +1 more

Timeline

PublishedAug 7

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDxuyiyang/blue_memories_theme1.5

▶NVDwordpress/unamed_theme1.217

▶NVDwordpress/unamed_theme_se1.02

▶debiandebian/wordpress

🔴Vulnerability Details

GHSA

GHSA-q28h-4mqg-5p49: Cross-site scripting (XSS) vulnerability in index↗2022-05-01

▶

GHSA

GHSA-9wjm-59qc-x6qf: Cross-site scripting (XSS) vulnerability in index↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2007-4165: wordpress - Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme...↗2007

▶