Xu Yiyang Blue Memories contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because the application does not validate the 's' variable upon submission to the theloop.php script. This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Classification
Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
OSVDB: Web Related
Solution
Upgrade to Xu Yiyang Blue Memories version 1.5.0.1 or higher, as it has been reported to fix this vulnerability.
Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown;
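The class of flaw described above, shown as an added example that is not the theme's actual code: a search heading that writes the 's' parameter into the page unencoded, beside a version that encodes it at output. The function names, markup and sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration: a hypothetical search-results header, NOT the theme's real template.

// Vulnerable pattern: the raw 's' query parameter is written straight into the page.
function render_search_heading_unsafe(array $query): string
{
    $s = $query['s'] ?? '';
    return '<h2>Search results for: ' . $s . '</h2>'
         . '<input type="text" name="s" value="' . $s . '">';
}

// Hardened pattern: encode for the HTML context at the point of output.
function render_search_heading_safe(array $query): string
{
    $s = $query['s'] ?? '';
    if (!is_string($s)) {
        $s = ''; // ?s[]=... arrives as an array; treat it as an empty search
    }
    // ENT_QUOTES encodes both quote styles so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    $encoded = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Search results for: ' . $encoded . '</h2>'
         . '<input type="text" name="s" value="' . $encoded . '">';
}

// Constructed sample inputs: benign markup, enough to show whether a browser
// would parse the reflected value as HTML.
$samples = [
    ['s' => 'blue memories'],
    ['s' => '<b>bold</b>'],
    ['s' => '" data-x="1'],
    ['s' => ['nested']],
];

foreach ($samples as $query) {
    echo 'input:  ', json_encode($query['s']), "\n";
    echo 'unsafe: ', is_string($query['s'])
        ? render_search_heading_unsafe($query)
        : '(array input, skipped: would raise "Array to string conversion")', "\n";
    echo 'safe:   ', render_search_heading_safe($query), "\n\n";
}
```

Inside a WordPress template, `esc_html()` and `esc_attr()` fill the role that `htmlspecialchars()` plays here, and `the_search_query()` prints the search term already escaped.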