CVE-2007-0106

Publication date 9 January 2007

Last updated 24 July 2024


Ubuntu priority

Cross-site scripting (XSS) vulnerability in the CSRF protection scheme in WordPress before 2.0.6 allows remote attackers to inject arbitrary web script or HTML via a CSRF attack with an invalid token and quote characters or HTML tags in URL variable names, which are not properly handled when WordPress generates a new link to verify the request.

Status

Package Ubuntu Release Status
wordpress 9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
7.10 gutsy
Not affected
7.04 feisty
Not affected
6.10 edgy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life