CVE-2007-4483 — Cross-site Scripting in Wordpress

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 33.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordpress Debian Wordpress Wordpress Wordpressclassic

Timeline

PublishedAug 22

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF).

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDwordpress/wordpressclassic1.5

▶debiandebian/wordpress< wordpress 2.1.3-1 (bookworm)

▶Debianwordpress/wordpress< 2.1.3-1+3

🔴Vulnerability Details

GHSA

GHSA-4x9v-v5pj-g8rv: Cross-site scripting (XSS) vulnerability in index↗2022-05-01

▶

OSV

CVE-2007-4483: Cross-site scripting (XSS) vulnerability in index↗2007-08-22

▶

📋Vendor Advisories

Debian

CVE-2007-4483: wordpress - Cross-site scripting (XSS) vulnerability in index.php in the WordPress Classic 1...↗2007

▶