Descrição
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
Software
Não informado
Tipo Software
Tema
CVE
CVE-2007-3238
Tags
Nâo informado
Data de publicação
14/06/2007
Última atualização
10/04/2025
Pontuação em CVSS 3.0
---
Não medido