WordPress.MU.Prior.to.2.7.Cross-site.Scripting.Vuln

description-logoDescription

WordPress MU, or WordPressu, is the multi-user version of WordPress. It is ideal for people who want to set up a large network of blogs.
WordPress MU is no longer a separate project; it is continuing development as part of the main WordPress branch under the name multisite or MS.
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. (CVE-2009-1030)

affected-products-logoAffected Products

WordPress MU (WPMU) before 2.7

Impact logoImpact

The vulnerability would allow remote attackers to inject arbitrary web script or HTML.

recomended-action-logoRecommended Actions

Please upgrade to the latest version of WordPress from the vendor's website: http://wordpress.org/download .

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)