ThreatPress

WordPress Vulnerabilities Database

Back

WordPress <=1.5 - Multiple Cross-Site Scripting (XSS) vulnerabilities

Product
WordPress
Description
Because of these vulnerabilities in template-functions-post.php, attackers can execute arbitrary commands via the title of the post or content.
Solution
Update WordPress to the latest possible version.
Classification
Type XSS (Cross Site Scripting)
OWASP Top 10 A3: Cross Site Scripting (XSS)
References
CVE Mitre
CVE
Name CVE-2005-1102
Versions
Affected In <=1.5
Fixed In 1.5.2
Disclosure date
2005-04-13
Credits
Thomas Waldegger
Submitter
ThreatPress