{
  "modified": "2025-08-09T19:01:29Z",
  "published": "2007-03-28T20:19:00Z",
  "id": "CVE-2007-1732",
  "details": "Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third-party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor.",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/24430"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/24566"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml"
    },
    {
      "type": "ARTICLE",
      "url": "http://marc.info/?l=bugtraq\u0026m=117319839710382\u0026w=2"
    },
    {
      "type": "REPORT",
      "url": "http://secunia.com/advisories/24430"
    },
    {
      "type": "REPORT",
      "url": "http://secunia.com/advisories/24566"
    },
    {
      "type": "WEB",
      "url": "http://codex.wordpress.org/Roles_and_Capabilities"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/33884"
    }
  ],
  "database_specific": {
    "isDisputed": true
  }
}
