Vulnerability CVE-2008-0203

Vulnerability CVE-2008-0203

Published: 2008-01-09 Modified: 2012-02-12

Description:

Multiple cross-site scripting (XSS) vulnerabilities in cryptographp/admin.php in the Cryptographp 1.2 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cryptwidth, (2) cryptheight, (3) bgimg, (4) charR, (5) charG, (6) charB, (7) charclear, (8) tfont, (9) charel, (10) charelc, (11) charelv, (12) charnbmin, (13) charnbmax, (14) charspace, (15) charsizemin, (16) charsizemax, (17) charanglemax, (18) noisepxmin, (19) noisepxmax, (20) noiselinemin, (21) noiselinemax, (22) nbcirclemin, (23) nbcirclemax, or (24) brushsize parameter to wp-admin/options-general.php.

See advisories in our WLB2 database:

	Topic	Author	Date
Med.	Multiple Vulnerabilities in Wordpress and other Web applications	3APA3A and MustL...	13.01.2008

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

Affected software
Wordpress -> Cryptographp

References:

http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html

http://securityreason.com/securityalert/3539

http://websecurity.com.ua/1596/

http://www.securityfocus.com/archive/1/485786/100/0/threaded

Copyright 2024, cxsecurity.com