Home > Vulnerability Database > CVE-2007-4153

Mend.io Vulnerability Database

CVE-2007-4153

Date: August 3, 2007

Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

Severity Score

3.1

Related Resources (11)

Url: http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

Url: http://www.debian.org/security/2008/dsa-1564

Url: http://osvdb.org/46994

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2007-4153

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-4153

Url: http://osvdb.org/46995

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35720

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/35722

Url: http://codex.wordpress.org/Roles_and_Capabilities

Url: http://secunia.com/advisories/30013

Url: https://www.mend.io/vulnerability-database/CVE-2007-4153

Severity Score

3.1

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	2.1
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2007-4153

Date: August 3, 2007

Severity Score

Related Resources (11)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?