mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-14 23:28:04 +02:00
0xMarcio
770 B
770 B
CVE-2007-4893
Description
wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a does not properly verify the unfiltered_html privilege, which allows remote attackers to conduct cross-site scripting (XSS) attacks via modified data to (1) post.php or (2) page.php with a no_filter field.
POC
Reference
No PoCs from references.