[wp-trac] [WordPress Trac] #3986: XSS in wp_nonce_ays
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 17 04:23:58 GMT 2007
#3986: XSS in wp_nonce_ays
----------------------+-----------------------------------------------------
Reporter: xknown | Owner: anonymous
Type: defect | Status: new
Priority: low | Milestone: 2.1.3
Component: Security | Version: 2.1.2
Severity: normal | Keywords:
----------------------+-----------------------------------------------------
There's a small XSS vulnerability in wp_nonce_ays that requires user
intervention; attribute_escape is useless when _wp_http_referer contains
something like javascript:alert("XSS").
PoC (click "No"):
http://wp/wp-admin/plugins.php?action=activate&plugin=akismet/akismet.php&_wp_http_referer=javascript:alert(%22XSS%22)
--
Ticket URL: <http://trac.wordpress.org/ticket/3986>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
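The ticket's point is that escaping a value for an HTML attribute does not make it a safe URL: attribute_escape neutralises quotes and angle brackets, but a `javascript:` scheme survives intact inside `href`. The following is an added illustration, not WordPress code and not the fix that shipped for this ticket; `safe_referer()` is a hypothetical helper that only accepts a relative path or an http(s) URL on the site's own host, and it also covers two related inputs the ticket does not mention (a mixed-case scheme and a protocol-relative `//host` URL).

```php
<?php
// Added example (not WordPress code): attribute escaping alone does not make a
// user-supplied URL safe in an href; validate the URL first, then escape it.

// Hypothetical helper: accept only a relative path, or an http(s) URL whose
// host matches $site_host. Anything else (javascript:, data:, other hosts)
// falls back to $default.
function safe_referer(string $referer, string $site_host, string $default): string
{
    $referer = trim($referer);
    if ($referer === '') {
        return $default;
    }
    // Relative path: must start with exactly one slash (reject "//evil").
    if ($referer[0] === '/' && (strlen($referer) === 1 || $referer[1] !== '/')) {
        return $referer;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default;
    }
    $scheme = strtolower($parts['scheme']);
    if (!in_array($scheme, ['http', 'https'], true)) {
        return $default;               // javascript:, data:, vbscript:, ...
    }
    if (strcasecmp($parts['host'], $site_host) !== 0) {
        return $default;               // would redirect to another host
    }
    return $referer;
}

// Constructed inputs, including the payload from the ticket.
$cases = [
    'javascript:alert("XSS")'            => 'rejected',
    'JaVaScRiPt:alert(1)'                => 'rejected',
    '//attacker.example/'                => 'rejected',
    'http://attacker.example/wp-admin/'  => 'rejected',
    '/wp-admin/plugins.php'              => 'accepted',
    'http://wp/wp-admin/plugins.php'     => 'accepted',
];

foreach ($cases as $input => $expected) {
    $out = safe_referer($input, 'wp', '/wp-admin/');
    $verdict = ($out === $input) ? 'accepted' : 'rejected';
    // htmlspecialchars stands in for attribute_escape here: it escapes quotes
    // and angle brackets but would leave a javascript: URL untouched.
    printf("%-8s %s -> href=\"%s\"\n", $verdict, $input,
        htmlspecialchars($out, ENT_QUOTES, 'UTF-8'));
    assert($verdict === $expected);
}
```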