{"id":"CVE-2006-6808","details":"Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.  NOTE: some sources have reported this as a vulnerability in the get_file_description function in wp-admin/admin-functions.php.","modified":"2026-04-10T03:37:53.750266Z","published":"2006-12-28T21:28:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/23587"},{"type":"ADVISORY","url":"http://secunia.com/advisories/23741"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200701-10.xml"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2006/5191"},{"type":"EVIDENCE","url":"http://michaeldaw.org/"},{"type":"FIX","url":"http://michaeldaw.org/"},{"type":"FIX","url":"http://www.securityfocus.com/bid/21782"},{"type":"WEB","url":"http://marc.info/?l=full-disclosure&m=116722128631087&w=2"},{"type":"WEB","url":"http://trac.wordpress.org/changeset/4665"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/31133"}],"schema_version":"1.7.5"}