Vulnerability Details
WordPress Cross-Site Scripting Vulnerability
- CNNVD ID: CNNVD-200701-053
- Severity: Medium
- CVE ID: CVE-2007-0106
- Vulnerability type: Cross-site scripting
- Published: 2007-01-08
- Threat type: Remote
- Updated: 2007-01-15
- Vendor: wordpress
- Vulnerability source: Stefan Esser is cr…
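Vulnerability Summary
The cross-site request forgery (CSRF) protection scheme in WordPress versions before 2.0.6 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML by means of a CSRF attack that carries an invalid token together with quote characters or HTML tags in URL variable names. These values are not handled correctly when WordPress generates a new link to verify the request.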
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links:
- WordPress (B2) 0.6.2.1: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress (B2) 0.6.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 0.7: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 0.71: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.2.1: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.2.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.5: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.5.1.3: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.5.1: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.5.1.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 1.5.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0.1: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0.2: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0.3: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0.4: WordPress 2.0.6 (latest.zip), http://www.wordpress.com/latest.zip
- WordPress 2.0.5: WordPress 2.0.6 (latest.zip)
References
- Source: BID. Name: 21893. Link: http://www.securityfocus.com/bid/21893
- Source: wordpress.org. Link: http://wordpress.org/development/2007/01/wordpress-206/
- Source: BUGTRAQ. Name: 20070105 Advisory 01/2007: WordPress CSRF Protection XSS Vulnerability. Link: http://www.securityfocus.com/archive/1/archive/1/456048/100/0/threaded
- Source: MISC. Link: http://www.hardened-php.net/advisory_012007.140.html
- Source: VUPEN. Name: ADV-2007-0061. Link: http://www.frsirt.com/english/advisories/2007/0061
- Source: SECUNIA. Name: 23595. Link: http://secunia.com/advisories/23595
- Source: OSVDB. Name: 33397
- Source: SREASON. Name: 2114