ID | CVE-2004-1559 | ||||||||||
Summary | Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. | ||||||||||
References | |||||||||||
Vulnerable Configurations |
|
||||||||||
CVSS |
|
||||||||||
CWE | NVD-CWE-Other | ||||||||||
CAPEC |
|
||||||||||
Access |
|
||||||||||
Impact |
|
||||||||||
cvss-vector via4 | AV:N/AC:M/Au:N/C:N/I:P/A:N | ||||||||||
refmap via4 |
|
||||||||||
Last major update | 11-07-2017 - 01:31 | ||||||||||
Published | 31-12-2004 - 05:00 | ||||||||||
Last modified | 11-07-2017 - 01:31 |