{
  "modified": "2025-08-09T19:01:27Z",
  "published": "2004-12-31T05:00:00Z",
  "id": "CVE-2004-1559",
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/12683"
    },
    {
      "type": "EVIDENCE",
      "url": "http://secunia.com/advisories/12683"
    },
    {
      "type": "EVIDENCE",
      "url": "http://www.securityfocus.com/bid/11268"
    },
    {
      "type": "FIX",
      "url": "http://www.securityfocus.com/bid/11268"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=109641484723194\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1011440"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17532"
    }
  ]
}