Check Point Advisories

Update Protection against WordPress Host Header XSS Vulnerability

Check Point Reference: CPAI-2008-241
Date Published: 5 Dec 2008
Severity: Medium
Last Updated: Tuesday 01 January, 2008
Source: Secunia Advisory: SA32882
Industry Reference:CVE-2008-5278
Protection Provided by:
Who is Vulnerable? WordPress 2.x
Vulnerability Description A cross-site scripting vulnerability has been reported in WordPress, an open source blog publishing application. The vulnerability results from improper sanitization of user-supplied input. This allows remote attackers to inject arbitrary web script or HTML in the cotext of an affected site. Reportedly, this only affects IP-based virtual servers running on Apache 2.x.
Vulnerability DetailsInput passed via the HTTP "Host" header is not properly sanitised before being used. An attacker can trigger this to execute arbitrary HTML and script code if malicious data is viewed.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK