CVE-2007-4014: XSS
First published: Thu Jul 26 2007(Updated: )
Cross-site scripting (XSS) vulnerability in a certain index.php installation script related to the (1) Blix 0.9.1, (2) Blixed 1.0, and (3) BlixKrieg (Blix Krieg) 2.2 themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Blix | =0.9.1 | |
| Wordpress Blixkrieg | =2.2 | |
| WordPress | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/24954
- http://secunia.com/advisories/26109
- http://secunia.com/advisories/26115
- http://secunia.com/advisories/26116
- http://www.osvdb.org/37056
- http://www.osvdb.org/37057
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35474
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35473
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35472
Frequently Asked Questions
What is the severity of CVE-2007-4014?
CVE-2007-4014 is classified as a medium severity cross-site scripting (XSS) vulnerability that can allow remote attackers to inject arbitrary web scripts or HTML.
How do I fix CVE-2007-4014?
To fix CVE-2007-4014, update the affected WordPress themes, Blix 0.9.1, Blixed 1.0, and BlixKrieg 2.2, to their latest patched versions.
Which WordPress themes are affected by CVE-2007-4014?
CVE-2007-4014 affects the Blix 0.9.1, Blixed 1.0, and BlixKrieg 2.2 themes for WordPress.
Can CVE-2007-4014 lead to data theft?
Yes, CVE-2007-4014 can potentially lead to data theft, as an attacker can execute scripts in the context of a user's session.
Is there a workaround for CVE-2007-4014 if I cannot update immediately?
A temporary workaround for CVE-2007-4014 is to disable the affected themes until a proper update can be applied.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/wordpress
- canonical/wordpress blix
- version/wordpress blix/0.9.1
- canonical/wordpress blixkrieg
- version/wordpress blixkrieg/2.2
- canonical/wordpress
- version/wordpress/1.0