CVE-2006-6808 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2006-6808
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2006-6808

Description: Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/31133 SAID Secunia Advisory: SA23587 Secunia Advisory: SA23741 MISC http://michaeldaw.org/ GENTOO http://security.gentoo.org/glsa/glsa-200701-10.xml FULLDISC http://marc.theaimsgroup.com/?l=full-disclosure&m=116722128631087&w=2 CONFIRM http://trac.wordpress.org/changeset/4665 BID 21782

Return to the previous page.