[wp-trac] Re: [WordPress Trac] #4689: Wordpress uploads.php
Cross-Site Scripting Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Jul 31 20:40:33 GMT 2007
#4689: Wordpress uploads.php Cross-Site Scripting Vulnerability
-----------------------------+----------------------------------------------
Reporter: BenjaminFlesch | Owner: anonymous
Type: enhancement | Status: new
Priority: highest omg bbq | Milestone: 2.2.2
Component: Security | Version: 2.2.1
Severity: critical | Resolution:
Keywords: needs-patch |
-----------------------------+----------------------------------------------
Changes (by Nazgul):
* keywords: => needs-patch
* milestone: => 2.2.2
Comment:
Confirmed on 2.2.1 and trunk.
Fix should be a putiing in a missing attribute_escape instead of the given
regex (in my opinion).
--
Ticket URL: <http://trac.wordpress.org/ticket/4689#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list