| Vulnerability Name: | CVE-2006-0733 (CCN-24736) | ||||||||
| Assigned: | 2006-02-14 | ||||||||
| Published: | 2006-02-14 | ||||||||
| Updated: | 2018-10-19 | ||||||||
| Summary: | ** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. Note: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.4 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
2.4 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Feb 14 2006 - 17:15:38 CST [myimei]WordPress2.0.0~autorswebsite~XSS attack Source: MITRE Type: CNA CVE-2006-0733 Source: MISC Type: Exploit, Vendor Advisory http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html Source: CCN Type: WordPress Web site WordPress Source: CCN Type: OSVDB ID: 23266 WordPress wp-comments-post.php Author's Website Field XSS Source: BUGTRAQ Type: UNKNOWN 20060214 [myimei]WordPress2.0.0~autors?website~XSS attack Source: BID Type: Exploit 16656 Source: CCN Type: BID-16656 WordPress Comment Post HTML Injection Vulnerability Source: XF Type: UNKNOWN wordpress-authorswebsite-xss(24736) Source: XF Type: UNKNOWN wordpress-authorswebsite-xss(24736) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||