[wp-trac] [WordPress Trac] #16089: Cross-site Scripting Vulnerability in /wp-admin/setup-config
WordPress Trac
wp-trac at lists.automattic.com
Mon Jan 3 22:45:10 UTC 2011
#16089: Cross-site Scripting Vulnerability in /wp-admin/setup-config
----------------------------+------------------
Reporter: danielmiessler | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.1
Component: General | Version: 3.1
Severity: critical | Resolution:
Keywords: has-patch |
----------------------------+------------------
Comment (by westi):
Replying to [comment:7 ryan]:
> We're protecting against someone purposefully injecting XSS into their
config during setup? Why bother?
Indeed.
If the install isn't setup yet they might as well run it for you and have
the admin account ;-)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/16089#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list