Vulnerability CVE-2007-3238

Vulnerability Name:

CVE-2007-3238 (CCN-34785)

Assigned:

2007-06-08

Published:

2007-06-08

Updated:

2018-10-16

Summary:

Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622.
Note: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Fri Jun 08 2007 - 08:15:38 CDT
Wordpress default theme XSS (admin) and other problems

Source: MISC
Type: UNKNOWN
http://blogsecurity.net/wordpress/news/news-100607-1/

Source: MISC
Type: UNKNOWN
http://codex.wordpress.org/Roles_and_Capabilities

Source: MITRE
Type: CNA
CVE-2007-3238

Source: CCN
Type: mybeNi websecurity blog: July 31st, 2007
Wordpress Persistant XSS Vulnerability in the Default Theme (v.2.2)

Source: MISC
Type: UNKNOWN
http://mybeni.rootzilla.de/mybeNi/2007/wordpress_zeroday_vulnerability_roundhouse_kick_and_why_i_nearly_wrote_the_first_blog_worm/

Source: OSVDB
Type: UNKNOWN
37293

Source: CCN
Type: SA25541
WordPress Unmoderated Comments Disclosure and Default Theme Cross-Site Scripting

Source: SECUNIA
Type: UNKNOWN
25541

Source: SECUNIA
Type: UNKNOWN
29014

Source: SREASON
Type: UNKNOWN
2807

Source: CCN
Type: WordPress Web site
WordPress

Source: DEBIAN
Type: UNKNOWN
DSA-1502

Source: DEBIAN
Type: DSA-1502
wordpress -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 37293
WordPress Default Theme functions.php XSS

Source: BUGTRAQ
Type: UNKNOWN
20070608 Wordpress default theme XSS (admin) and other problems

Source: BID
Type: UNKNOWN
25161

Source: CCN
Type: BID-25161
WordPress Multiple Input Validation Vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.xssnews.com/

Source: XF
Type: UNKNOWN
wordpress-themes-xss(34785)

Source: XF
Type: UNKNOWN
wordpress-themes-xss(34785)

Vulnerable Configuration:

Configuration 1:

cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:8110	P	DSA-1502 wordpress -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:20097	P	DSA-1502-1 wordpress - multiple vulnerabilities	2014-06-23

BACK