Package: wordpress
Version: 2.0.5-0.1
Severity: normal

Technical Description

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code. This issue is due to an input validation error in the "get_file_description()" function when called via the "wp-admin/templates.php" script, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

Affected Products

WordPress version 2.0.5 and prior

Solution

A fix is available via CVS : http://trac.wordpress.org/changeset/4665

References

http://www.frsirt.com/english/advisories/2006/5191
http://michaeldaw.org/md-hacks/wordpress-persistent-xss/

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=es_ES.utf8, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages wordpress depends on:
ii  apache2                      2.2.3-3.2  Next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]  2.2.3-3.2  Traditional model for Apache HTTPD
ii  mysql-client-5.0 [virtual-mys 5.0.30-1  mysql database client binaries
ii  php5                         5.2.0-8    server-side, HTML-embedded scripti
ii  php5-mysql                   5.2.0-8    MySQL module for php5

wordpress recommends no packages.

-- no debconf information

