What is the severity of CVE-2009-1030?

CVE-2009-1030 has a moderate severity rating due to the potential for cross-site scripting attacks.

How do I fix CVE-2009-1030?

To fix CVE-2009-1030, upgrade your WordPress MU installation to version 2.7 or later.

Which versions of WordPress MU are affected by CVE-2009-1030?

CVE-2009-1030 affects WordPress MU versions prior to 2.7 including 1.5.1, 1.3.3, 2.6.3, and several others.

Can CVE-2009-1030 be exploited remotely?

Yes, CVE-2009-1030 can be exploited remotely by attackers injecting scripts through the HTTP Host header.

What are the potential impacts of CVE-2009-1030?

The potential impact of CVE-2009-1030 includes unauthorized access to user sessions and manipulation of site content.

Vulnerability/
CVE-2009-1030

medium

4.3

CWE

20/3/2009

7/8/2024

CVE-2009-1030: XSS

First published: Fri Mar 20 2009(Updated: )

Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
WordPress	=1.5.1
WordPress	=1.3.3
WordPress	=1.0-rc3
WordPress	=2.6.3
WordPress	=1.2.5a
WordPress	=1.2.3
WordPress	=2.6.1
WordPress	=1.0-rc2
WordPress	=1.3.2
WordPress	=1.0-rc4
WordPress	=2.7
WordPress	=1.2
WordPress	=1.1
WordPress	=1.2.2
WordPress	=1.2.4-rc1
WordPress	<=2.6
WordPress	=1.3
WordPress	=1.3.1
WordPress	=1.1.1
WordPress	=2.6.2
WordPress	=1.5-rc1
WordPress	=1.2.1
WordPress	=1.0
WordPress	=2.6.5
WordPress	=1.0-rc1
WordPress	=1.2.4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-1030?
CVE-2009-1030 has a moderate severity rating due to the potential for cross-site scripting attacks.
How do I fix CVE-2009-1030?
To fix CVE-2009-1030, upgrade your WordPress MU installation to version 2.7 or later.
Which versions of WordPress MU are affected by CVE-2009-1030?
CVE-2009-1030 affects WordPress MU versions prior to 2.7 including 1.5.1, 1.3.3, 2.6.3, and several others.
Can CVE-2009-1030 be exploited remotely?
Yes, CVE-2009-1030 can be exploited remotely by attackers injecting scripts through the HTTP Host header.
What are the potential impacts of CVE-2009-1030?
The potential impact of CVE-2009-1030 includes unauthorized access to user sessions and manipulation of site content.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/wordpress
canonical/wordpress
version/wordpress/1.5.1
version/wordpress/1.3.3
version/wordpress/1.0-rc3
version/wordpress/2.6.3
version/wordpress/1.2.5a
version/wordpress/1.2.3
version/wordpress/2.6.1
version/wordpress/1.0-rc2
version/wordpress/1.3.2
version/wordpress/1.0-rc4
version/wordpress/2.7
version/wordpress/1.2
version/wordpress/1.1
version/wordpress/1.2.2
version/wordpress/1.2.4-rc1
version/wordpress/2.6
version/wordpress/1.3
version/wordpress/1.3.1
version/wordpress/1.1.1
version/wordpress/2.6.2
version/wordpress/1.5-rc1
version/wordpress/1.2.1
version/wordpress/1.0
version/wordpress/2.6.5
version/wordpress/1.0-rc1
version/wordpress/1.2.4