Vulnerability Name:

CVE-2007-4014 (CCN-35472)

Assigned:2007-07-18
Published:2007-07-18
Updated:2017-07-29
Summary:Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757.
Note: the provenance of this information is unknown; the details are obtained solely from third party information.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): 
Access Complexity (AC): 
Authentication (Au): 
Impact Metrics:Confidentiality (C): 
Integrity (I): 
Availability (A): 
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-4014

Source: CCN
Type: SA26109
WordPress Blix Theme Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
26109

Source: CCN
Type: SA26115
WordPress BlixKrieg Theme "s" Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
26115

Source: CCN
Type: SA26116
WordPress Blixed Theme "s" Cross-Site Scripting

Source: SECUNIA
Type: Vendor Advisory
26116

Source: CCN
Type: Blix theme for Wordpress Web site
Blix Preview

Source: OSVDB
Type: UNKNOWN
37056

Source: OSVDB
Type: UNKNOWN
37057

Source: CCN
Type: OSVDB ID: 37056
WordPress BlixKrieg Theme s Parameter XSS

Source: CCN
Type: OSVDB ID: 37057
WordPress Blixed Theme index.php s Parameter XSS

Source: BID
Type: UNKNOWN
24954

Source: CCN
Type: BID-24954
WordPress Multiple Themes S Parameter Cross-Site Scripting Vulnerability

Source: XF
Type: UNKNOWN
blix-wordpress-index-xss(35472)

Source: XF
Type: UNKNOWN
bllix-wordpress-index-xss(35472)

Source: XF
Type: UNKNOWN
blixed-wordpress-index-xss(35473)

Source: XF
Type: UNKNOWN
blixkrieg-wordpress-index-xss(35474)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:wordpress:blix:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:wordpress:blixed:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:wordpress:blixkrieg:2.2:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2007-4014 (CCN-35473)

    Assigned:2007-07-18
    Published:2007-07-18
    Updated:2007-07-18
    Summary:The Blixed theme for WordPress is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the index.php script. A remote attacker could exploit this vulnerability using the 's' field to inject malicious script into a Web page, which would be executed in a victim's Web browser within the security context of the hosting Web site once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
    CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2007-4014

    Source: CCN
    Type: SA24954
    MediaBeez "server.php" SQL Execution Vulnerability

    Source: CCN
    Type: SA26109
    WordPress Blix Theme Cross-Site Scripting Vulnerabilities

    Source: CCN
    Type: SA26115
    WordPress BlixKrieg Theme "s" Cross-Site Scripting

    Source: CCN
    Type: SA26116
    WordPress Blixed Theme "s" Cross-Site Scripting

    Source: CCN
    Type: Theme Corp Web site
    Blixed

    Source: CCN
    Type: OSVDB ID: 37056
    WordPress BlixKrieg Theme s Parameter XSS

    Source: CCN
    Type: OSVDB ID: 37057
    WordPress Blixed Theme index.php s Parameter XSS

    Source: CCN
    Type: BID-24954
    WordPress Multiple Themes S Parameter Cross-Site Scripting Vulnerability

    Source: XF
    Type: UNKNOWN
    blixed-wordpress-index-xss(35473)

    Vulnerability Name:

    CVE-2007-4014 (CCN-35474)

    Assigned:2007-07-18
    Published:2007-07-18
    Updated:2017-07-29
    Summary:Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757.
    Note: the provenance of this information is unknown; the details are obtained solely from third party information.
    CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
    3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:U/RC:UR)
    Exploitability Metrics:Access Vector (AV): 
    Access Complexity (AC): 
    Authentication (Au): 
    Impact Metrics:Confidentiality (C): 
    Integrity (I): 
    Availability (A): 
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2007-4014

    Source: CCN
    Type: SA26109
    WordPress Blix Theme Cross-Site Scripting Vulnerabilities

    Source: CCN
    Type: SA26115
    WordPress BlixKrieg Theme "s" Cross-Site Scripting

    Source: CCN
    Type: SA26116
    WordPress Blixed Theme "s" Cross-Site Scripting

    Source: CCN
    Type: OSVDB ID: 37056
    WordPress BlixKrieg Theme s Parameter XSS

    Source: CCN
    Type: OSVDB ID: 37057
    WordPress Blixed Theme index.php s Parameter XSS

    Source: CCN
    Type: BID-24954
    WordPress Multiple Themes S Parameter Cross-Site Scripting Vulnerability

    Source: CCN
    Type: BlixKrieg theme for Wordpress Web site
    BlixKrieg Theme - UtheGuru.com

    Source: XF
    Type: UNKNOWN
    blixkrieg-wordpress-index-xss(35474)

    wordpress blix 0.9.1
    wordpress blixed 1.0
    wordpress blixkrieg 2.2