FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- multiple vulnerabilities

Affected packages
wordpress < 1.5.1.2,1

Details

VuXML ID a4955b32-ed84-11d9-8310-0001020eed82
Discovery 2005-04-12
Entry 2005-07-05

A Gentoo Linux Security Advisory reports:

Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks.

An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the ability to inject and execute malicious script code or to steal cookie-based authentication credentials, potentially compromising the victim's browser.

[source]

References

CVE Name CVE-2005-1810
URL http://www.gentoo.org/security/en/glsa/glsa-200506-04.xml

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.