[wp-trac] [WordPress Trac] #4236: XSS in template header of the styles.css

WordPress Trac wp-trac at lists.automattic.com
Tue May 8 12:44:39 GMT 2007

#4236: XSS in template header of the styles.css
 Reporter:  codein          |       Owner:  anonymous   
     Type:  defect          |      Status:  new         
 Priority:  normal          |   Milestone:  2.4         
Component:  Administration  |     Version:              
 Severity:  normal          |    Keywords:  needs-patch,
 cross site scripting is possible if someone place a line in the
 template/style.css file.
 the value of the template-metatags should be convert to HTML entities.

 example (style.css):

 Version: <script>alert(document.cookie);</script>1.6

 i tested it with WP-Version 2.1.3

Ticket URL: <http://trac.wordpress.org/ticket/4236>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list