CVE-2007-4014

{"id": "CVE-2007-4014", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-07-26T01:30:00.000", "references": [{"url": "http://secunia.com/advisories/26109", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26115", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26116", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/37056", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/37057", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24954", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35472", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35473", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35474", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en un cierto index.php en una secuencia de comandos de instalaci\u00f3n relacionado con los temas (1) Blix 0.9.1, (2) Blixed 1.0, y (3) BlixKrieg (Blix Krieg) 2.2 para WordPress permite a atacantes remotos inyectar secuencias de comandos secuencias de comandos web o HMTL a trav\u00e9s del par\u00e1metro s, posiblemente relacionado con un asunto relacionado con CVE-2007-2757. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros. \r\n"}], "lastModified": "2017-07-29T01:32:40.800", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:wordpress:blix:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D18C857-87A8-4470-8370-5F3F59508EAC"}, {"criteria": "cpe:2.3:a:wordpress:blixed:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F2F33C6-C192-46BE-A415-AED38E93262D"}, {"criteria": "cpe:2.3:a:wordpress:blixkrieg:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6081585B-7845-4688-90EF-5DE2C3E1975B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}