CVE-2007-1622

NameCVE-2007-1622
DescriptionCross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose regular expression processing of PHP_SELF.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1285-1
NVD severitymedium (attack range: remote, user-initiated)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wordpress (PTS)squeeze, squeeze (security)3.6.1+dfsg-1~deb6u4fixed
squeeze (lts)3.6.1+dfsg-1~deb6u6fixed
wheezy3.6.1+dfsg-1~deb7u5fixed
wheezy (security)3.6.1+dfsg-1~deb7u6fixed
jessie (security), jessie4.1+dfsg-1+deb8u1fixed
stretch4.2.2+dfsg-1fixed
sid4.2.3+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wordpresssource(unstable)2.1.3-1medium
wordpresssourceetch2.0.10-1mediumDSA-1285-1

Search for package or bug name: Reporting problems