CVE-2008-0691 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Simon Elvery	Wp-footnotes
Wordpress	Wp-footnotes

Configuration 1 [-]

OR	cpe:2.3:a:simon_elvery:wp-footnotes:2.2:::::::*
	cpe:2.3:a:wordpress:wp-footnotes:2.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/28772
http://securityreason.com/securityalert/3634
http://www.securityfocus.com/archive/1/487430/100/0/threaded
http://www.securityfocus.com/bid/27572
https://exchange.xforce.ibmcloud.com/vulnerabilities/40218

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-02-12T00:00:00

Updated: 2024-08-07T07:54:23.246Z

Reserved: 2008-02-11T00:00:00

Link: CVE-2008-0691

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-02-12T01:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-0691

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-02-01T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "3634", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3634"}, {"name": "28772", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28772"}, {"name": "wpfootnotes-adminpanel-security-bypass(40218)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40218"}, {"name": "20080201 Wordpress Pluging wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilites", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487430/100/0/threaded"}, {"name": "27572", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27572"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0691", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "3634", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3634"}, {"name": "28772", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28772"}, {"name": "wpfootnotes-adminpanel-security-bypass(40218)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40218"}, {"name": "20080201 Wordpress Pluging wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilites", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487430/100/0/threaded"}, {"name": "27572", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27572"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T07:54:23.246Z"}, "title": "CVE Program Container", "references": [{"name": "3634", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3634"}, {"name": "28772", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28772"}, {"name": "wpfootnotes-adminpanel-security-bypass(40218)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40218"}, {"name": "20080201 Wordpress Pluging wp-footnotes 2.2 (admin_panel.php) Multiple Vulnerabilites", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487430/100/0/threaded"}, {"name": "27572", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27572"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0691", "datePublished": "2008-02-12T00:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:23.246Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simon_elvery:wp-footnotes:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "6564486B-D0E0-40EB-B06F-7238BE3D561C", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordpress:wp-footnotes:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FD380FCB-7236-4171-9C12-E2B1ACE6094F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php in the Simon Elvery WP-Footnotes 2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], and (4) wp_footnotes_current_settings[post_footnotes] parameters."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de secuencias de sitios cruzados (XSS) en admin_panel.php de la extensi\u00f3n Simon Elvery WP-Footnotes 2.2 para WordPress permiten a atacantes remoros inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) wp_footnotes_current_settings[priority], (2) wp_footnotes_current_settings[style_rules], (3) wp_footnotes_current_settings[pre_footnotes], y (4) wp_footnotes_current_settings[post_footnotes]."}], "id": "CVE-2008-0691", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-02-12T01:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28772"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3634"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487430/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27572"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40218"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487430/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40218"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}