Vulnerability Description
Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757, CVE-2007-4014, and CVE-2007-4165. NOTE: some of these details are obtained from third party information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wordpress | Unamed Theme | 1.217 |
| Wordpress | Unamed Theme Se | 1.02 |
References
- http://osvdb.org/36604
- http://secunia.com/advisories/26321Vendor Advisory
- http://www.securityfocus.com/bid/25215
- http://xuyiyang.com/2007/06/29/unnamed-1-217/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35821
- http://osvdb.org/36604
- http://secunia.com/advisories/26321Vendor Advisory
- http://www.securityfocus.com/bid/25215
- http://xuyiyang.com/2007/06/29/unnamed-1-217/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35821
FAQ
What is CVE-2007-4166?
CVE-2007-4166 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cross-site scripting (XSS) vulnerability in index.php in the Unnamed theme 1.217, and Special Edition (SE) 1.02, before 20070804 for WordPress allows remote attackers to inject arbitrary web script or...
How severe is CVE-2007-4166?
CVE-2007-4166 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-4166?
Check the references section above for vendor advisories and patch information. Affected products include: Wordpress Unamed Theme, Wordpress Unamed Theme Se.