CVE-2007-1230 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordpress	Wordpress

Configuration 1 [-]

cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/34361
http://secunia.com/advisories/24566
http://trac.wordpress.org/changeset/4951
http://trac.wordpress.org/changeset/4952
http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml
http://www.vupen.com/english/advisories/2007/0756

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-03-02T22:00:00

Updated: 2024-08-07T12:50:35.582Z

Reserved: 2007-03-02T00:00:00

Link: CVE-2007-1230

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-02T22:19:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-1230

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-02-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-03-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://trac.wordpress.org/changeset/4952"}, {"name": "ADV-2007-0756", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0756"}, {"name": "24566", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24566"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://trac.wordpress.org/changeset/4951"}, {"name": "GLSA-200703-23", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"}, {"name": "34361", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34361"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1230", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://trac.wordpress.org/changeset/4952", "refsource": "CONFIRM", "url": "http://trac.wordpress.org/changeset/4952"}, {"name": "ADV-2007-0756", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0756"}, {"name": "24566", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24566"}, {"name": "http://trac.wordpress.org/changeset/4951", "refsource": "CONFIRM", "url": "http://trac.wordpress.org/changeset/4951"}, {"name": "GLSA-200703-23", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"}, {"name": "34361", "refsource": "OSVDB", "url": "http://osvdb.org/34361"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:50:35.582Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.wordpress.org/changeset/4952"}, {"name": "ADV-2007-0756", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0756"}, {"name": "24566", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24566"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://trac.wordpress.org/changeset/4951"}, {"name": "GLSA-200703-23", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"}, {"name": "34361", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/34361"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1230", "datePublished": "2007-03-02T22:00:00", "dateReserved": "2007-03-02T00:00:00", "dateUpdated": "2024-08-07T12:50:35.582Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:wordpress:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8A3624D4-E666-4A1B-B465-714ACBA0034C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en wp_includes/functions.php de WordPress anterior a 2.1.2-alpha permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de (1)la acbecera HTTP Referer o (2) el URI, una vulnerabilidad distinta de CVE-2007-1049."}], "id": "CVE-2007-1230", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T22:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34361"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/24566"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://trac.wordpress.org/changeset/4951"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://trac.wordpress.org/changeset/4952"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/34361"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/24566"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://trac.wordpress.org/changeset/4951"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://trac.wordpress.org/changeset/4952"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0756"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}