Test ID:	1.3.6.1.4.1.25623.1.0.800376
Category:	Web application abuses
Title:	WordPress MU Cross-Site Scripting Vulnerability (Apr 2009)
Summary:	WordPress MU is prone to a cross-site scripting (XSS) vulnerability.
Description:	Summary: WordPress MU is prone to a cross-site scripting (XSS) vulnerability. Vulnerability Insight: The vulnerability is due to improper validation of user supplied input in 'wp-includes/wpmu-functions.php' for choose_primary_blog function. Vulnerability Impact: Successful exploitation will let the attacker execute malicious crafted HTTP headers and conduct cross site scripting attacks to gain administrative privileges into the affected web application. Affected Software/OS: WordPress MU before 2.7 on all running platform. Solution: Update to Version 2.7 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1030 BugTraq ID: 34075 http://www.securityfocus.com/bid/34075 Bugtraq: 20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability (Google Search) http://www.securityfocus.com/archive/1/501667/100/0/threaded https://www.exploit-db.com/exploits/8196 HPdes Security Advisory: HPSBUX02514 http://marc.info/?l=bugtraq&m=126996727024732&w=2 HPdes Security Advisory: SSRT100010 http://www.securitytracker.com/id?1021838 XForce ISS Database: wordpressmu-wpmufunctions-xss(49184) https://exchange.xforce.ibmcloud.com/vulnerabilities/49184
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.