CVE-2009-1030
published 2009-03-20CVE-2009-1030: Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote…
PriorityP422medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
4.66%
90.6th percentile
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| wordpress | wordpress_mu | <= 2.6 | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
| wordpress | wordpress_mu | — | — |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
wordpress-mu: XSS vulnerability in helper function for WPMU
vendor_redhat·2008-12-03·CVSS 4.3
CVE-2009-1030 [MEDIUM] CWE-79 wordpress-mu: XSS vulnerability in helper function for WPMU
wordpress-mu: XSS vulnerability in helper function for WPMU
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
GHSA
GHSA-fg2g-28hw-pqvr: Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions
ghsa_unreviewed·2022-05-02
CVE-2009-1030 [MEDIUM] CWE-79 GHSA-fg2g-28hw-pqvr: Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.
No detection rules found.
Exploit-DB
Zabbix Server - Multiple Vulnerabilities
exploitdb·2009-12-14
CVE-2009-4501 Zabbix Server - Multiple Vulnerabilities
Zabbix Server - Multiple Vulnerabilities
---
Zabbix Server : Multiple remote vulnerabilities From: Nicob
Date: Sun, 13 Dec 2009 16:28:35 +0100
From Wikipedia : "Zabbix is a network management system application
[...] designed to monitor and track the status of various network
services, servers, and other network hardware."
[Zabbix Server : Remote command execution]
Impacted software : Zabbix Server
Zabbix reference : https://support.zabbix.com/browse/ZBX-1030
Patched version : 1.8
Faulty source code : function node_process_command() in
zabbix_server/trapper/nodecommand.c
Changelog entry : fixed security vulnerability in server allowing remote
unauthenticated users to execute scripts
[Zabbix Server : Remote SQL execution]
Impacted software : Zabbix Server
Zabbix reference : https:
Exploit-DB
WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
exploitdb·2009-03-10
CVE-2009-1030 WordPress MU < 2.7 - 'HOST' HTTP Header Cross-Site Scripting
WordPress MU
1833
1834
1835
1836
1837 ID );
1839 if( count( $all_blogs ) > 1 ) {
1840 $primary_blog = get_usermeta($current_user->ID,
'primary_blog');
1841 ?>
1842
1843
1844 userblog_id
?>'userblog_id ) echo '
selected="selected"' ?>>http://domain.$blog->path
?>
1845
1846
1847
1852
1853
1854
1855 "
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html
The javascript code will be executed in the context of the victim
browser, this can be exploited to steal cookies and escalate
privileges to administrator.
Tested with Wordpress MU 2.6.5, Apache 2.2 and Mozilla Firefox 3.0.6
V. BUSINESS IMPACT
The impact is the attacker can gain administrator privileges on the
application.
VI. SYSTEMS AFFECTED
Versions prior to 2.7 are affected
VII. SOLUTION
Upgrade to version 2.7 of w
http://marc.info/?l=bugtraq&m=126996727024732&w=2http://www.securityfocus.com/archive/1/501667/100/0/threadedhttp://www.securityfocus.com/bid/34075http://www.securitytracker.com/id?1021838https://exchange.xforce.ibmcloud.com/vulnerabilities/49184https://www.exploit-db.com/exploits/8196http://marc.info/?l=bugtraq&m=126996727024732&w=2http://www.securityfocus.com/archive/1/501667/100/0/threadedhttp://www.securityfocus.com/bid/34075http://www.securitytracker.com/id?1021838https://exchange.xforce.ibmcloud.com/vulnerabilities/49184https://www.exploit-db.com/exploits/8196
2009-03-20
Published