Home > Vulnerability Database > CVE-2007-1622

Mend.io Vulnerability Database

CVE-2007-1622

Date: March 22, 2007

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.

Severity Score

3.7

Related Resources (10)

Url: http://www.securityfocus.com/bid/23027

Url: http://secunia.com/advisories/25108

Url: http://sla.ckers.org/forum/read.php?2%2C7935#msg-8006

Url: http://www.vupen.com/english/advisories/2007/1005

Url: http://secunia.com/advisories/24567

Url: http://www.debian.org/security/2007/dsa-1285

Url: http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-1622

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-1622

Url: https://www.mend.io/vulnerability-database/CVE-2007-1622

Severity Score

3.7

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-1622

Date: March 22, 2007

Severity Score

Related Resources (10)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?