[wp-trac] Re: [WordPress Trac] #2953: XSS Vulnerability in the
WordPress Trac
wp-trac at lists.automattic.com
Fri Jul 14 09:25:10 GMT 2006
#2953: XSS Vulnerability in the 'post_title' parameter in wp-admin/page-new.php
while submitting through the "Create New page" option
----------------------------+-----------------------------------------------
 Reporter:  NRNandini       |        Owner:  anonymous
     Type:  defect          |       Status:  new
 Priority:  high            |    Milestone:
Component:  Administration  |      Version:  2.0.3
 Severity:  critical        |   Resolution:
 Keywords:                  |
----------------------------+-----------------------------------------------
Comment (by westi):
The culprit is the dbx box for listing the pages so as to select a parent
page; this doesn't filter the page title info, so you get an alert box every
time you go to page-new.php after creating the initial page. Also,
wp_list_pages does the same on the front page of a default-themed site.
--
Ticket URL: <http://trac.wordpress.org/ticket/2953>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
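
Added example, not part of the original message and not WordPress's own code: a self-contained PHP sketch of the issue described in the comment above, where a stored page title is written unescaped into the parent-page dropdown and the front-end page list, next to versions that escape at output. The function names, the array layout and the sample titles are assumptions made for illustration.

```php
<?php
// Constructed sample rows standing in for pages loaded from the database.
// The second title is the kind of stored value that triggers the alert box.
$pages = [
    ['ID' => 1, 'post_parent' => 0, 'post_title' => 'About'],
    ['ID' => 2, 'post_parent' => 1, 'post_title' => '<script>alert(1)</script>'],
    ['ID' => 3, 'post_parent' => 0, 'post_title' => 'Q&A "beta"'],
];

// Hypothetical helper: escape for HTML text and quoted-attribute contexts.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Unsafe: the title is concatenated into the markup exactly as stored.
function parent_dropdown_unsafe(array $pages): string {
    $out = "<select name=\"parent_id\">\n";
    foreach ($pages as $p) {
        $out .= "<option value=\"{$p['ID']}\">{$p['post_title']}</option>\n";
    }
    return $out . "</select>\n";
}

// Safe: the ID is forced to an integer and the title is escaped at output.
function parent_dropdown_safe(array $pages): string {
    $out = "<select name=\"parent_id\">\n";
    foreach ($pages as $p) {
        $out .= sprintf("<option value=\"%d\">%s</option>\n",
            $p['ID'], h($p['post_title']));
    }
    return $out . "</select>\n";
}

// The front-end list needs the same treatment: the title is used both as
// link text and inside a quoted attribute, so both uses are escaped.
function page_list_safe(array $pages): string {
    $out = "<ul>\n";
    foreach ($pages as $p) {
        $out .= sprintf("<li><a href=\"?page_id=%d\" title=\"%s\">%s</a></li>\n",
            $p['ID'], h($p['post_title']), h($p['post_title']));
    }
    return $out . "</ul>\n";
}

echo parent_dropdown_unsafe($pages), parent_dropdown_safe($pages), page_list_safe($pages);
```

In the safe output the second title is emitted as `&lt;script&gt;alert(1)&lt;/script&gt;`, so the browser renders it as text in every place the title is listed.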