[wp-trac] [WordPress Trac] #4691: Wordpress link-import.php Cross-Site Scripting (XSS) Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Jul 31 20:08:58 GMT 2007
#4691: Wordpress link-import.php Cross-Site Scripting (XSS) Vulnerability
----------------------------+-----------------------------------------------
Reporter: BenjaminFlesch | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Security | Version: 2.2.1
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
The parameter opml_url isn’t sanitized and thereby creates a Cross-Site
Scripting vulnerability.
Anyways, for a successful attack the _wpnonce Authentication Token is
needed so this one is quite useless - No one would use XSS to get a Token
in order to use another XSS Vulnerability on the same Domain.
--
Ticket URL: <http://trac.wordpress.org/ticket/4691>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software