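Vulnerability Details
WordPress Multiple Cross-Site Scripting Vulnerabilities
- CNNVD ID: CNNVD-200412-137
- Severity: Medium
- CVE ID: CVE-2004-1559
- Vulnerability type: Cross-site scripting
- Published: 2004-12-31
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: wordpress
- Vulnerability source: Discovery is credi…
Vulnerability Summary
WordPress 1.2 contains multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script or HTML via various parameters, including (1) the redirect_to, text, popupurl, or popuptitle parameter to wp-login.php, (2) the redirect_url parameter to admin-header.php, (3) the popuptitle, popupurl, content, or post_title parameter to bookmarklet.php, (4) the cat_ID parameter to categories.php, (5) the s parameter to edit.php, or (6) the s or mode parameter to edit-comments.php.
Vulnerability Advisory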
The vendor has released WordPress version 1.2.1 to address these issues.
Update: It is reported that version 1.2.1 did not completely fix these issues. It is reported that version 1.2.2 has been released, and that it fixes all issues described in this BID.
WordPress WordPress 1.2
-
WordPress WordPress Latest Release Download
http://wordpress.org/latest.tar.gz
WordPress WordPress 1.2.1
-
WordPress WordPress Latest Release Download
http://wordpress.org/latest.tar.gz
References
Source: XF
Name: wordpress-multiple-scripts-xss(17532)
Link: http://xforce.iss.net/xforce/xfdb/17532
Source: BID
Name: 11268
Link: http://www.securityfocus.com/bid/11268
Source: SECUNIA
Name: 12683
Link: http://secunia.com/advisories/12683
Source: BUGTRAQ
Name: 20040927 Multiple XSS Vulnerabilities in WordPress 1.2
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109641484723194&w=2
Source: SECTRACK
Name: 1011440
Link: http://securitytracker.com/id?1011440