[wp-hackers] XSS vulnerability?

Peter Westwood peter.westwood at ftwr.co.uk
Tue Aug 1 10:22:19 GMT 2006


On Tue, August 1, 2006 10:10 am, f.terenzani at gmail.com wrote:
> Hi all, i have read this fix [http://trac.wordpress.org/ticket/2953]
> on the WP 2.0.4:
> XSS Vulnerability in the 'post_tilte' parameter in
> wp-admin/page-new.php while submitting thought the "Create New page"
> option.
>
> But I think this vulnerability there also is in the 'the_content'
> parameter if you put on post.php post field:
>
> <script><!--
> alert('XSS Vulnerable');
> --></script>
>
> For this reason I had made the script manager plugin
> [http://wp-plugins.net/plugin/script-manager/]
>
> This have to be considered a bug?

No.

The admin (and any other user with the unfiltered_html capability) can
post whatever they like by design. (As ryan wrote in reply to that trac
ticket)

A low level user or commenter without this capability will have the script
tag stripped out by kses.

westi
-- 
Peter Westwood <peter.westwood at ftwr.co.uk>
http://blog.ftwr.co.uk


More information about the wp-hackers mailing list