[wp-trac] Re: [WordPress Trac] #3879: XSS in 2.1.1 input passed to
the "post" parameter in wp-admin/post.php
WordPress Trac
wp-trac at lists.automattic.com
Tue Feb 27 17:58:04 GMT 2007
#3879: XSS in 2.1.1 input passed to the "post" parameter in wp-admin/post.php
----------------------+-----------------------------------------------------
Reporter: Reaper-X | Owner: anonymous
Type: defect | Status: closed
Priority: low | Milestone: 2.1.2
Component: Security | Version: 2.1.1
Severity: normal | Resolution: fixed
Keywords: |
----------------------+-----------------------------------------------------
Changes (by foolswisdom):
* summary: XSS in 2.1.1 => XSS in 2.1.1 input passed to the "post"
parameter in wp-admin/post.php
Old description:
> http://secunia.com/advisories/24316/ and
> http://www.securityfocus.com/archive/1/461351/30/0/threaded
New description:
http://www.securityfocus.com/archive/1/461351/30/0/threaded.
http://secunia.com/advisories/24316/ reads:
Input passed to the "post" parameter in wp-admin/post.php (when "action"
is set to "delete") is not properly sanitised before being returned to a
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
Successful exploitation requires that the target user is logged in as
administrator.
--
Ticket URL: <http://trac.wordpress.org/ticket/3879#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software