{"id":"CVE-2007-1732","details":"Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators.  However, it has been patched by at least one vendor","modified":"2026-04-10T03:39:04.828819Z","published":"2007-03-28T20:19:00Z","database_specific":{"isDisputed":true},"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/24430"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24566"},{"type":"ADVISORY","url":"http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"},{"type":"ARTICLE","url":"http://marc.info/?l=bugtraq&m=117319839710382&w=2"},{"type":"REPORT","url":"http://secunia.com/advisories/24430"},{"type":"REPORT","url":"http://secunia.com/advisories/24566"},{"type":"WEB","url":"http://codex.wordpress.org/Roles_and_Capabilities"},{"type":"WEB","url":"http://osvdb.org/33884"}],"schema_version":"1.7.5"}