Description
Cross-site scripting (XSS) vulnerability in the paging links functionality in template-functions-links.php in Wordpress 1.5.2, and possibly other versions before 2.0.1, allows remote attackers to inject arbitrary web script or HTML to Internet Explorer users via the request URI ($_SERVER['REQUEST_URI']).
References (2)
Core 2
Core References
Patch x_refsource_misc
http://trac.wordpress.org/ticket/1686
Patch x_refsource_confirm
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328909
Scores
EPSS
0.0046
EPSS Percentile
64.0%
Details
Status
published
Products (17)
wordpress/wordpress
0.6.2 beta_2
wordpress/wordpress
0.6.2.1 beta_2
wordpress/wordpress
0.7
wordpress/wordpress
0.71
wordpress/wordpress
1.0
wordpress/wordpress
1.0.1
wordpress/wordpress
1.0.2
wordpress/wordpress
1.2
wordpress/wordpress
1.2.1
wordpress/wordpress
1.2.2
... and 7 more
Published
Apr 17, 2006
Tracked Since
Feb 18, 2026