[wp-trac] Re: [WordPress Trac] #4689: Wordpress uploads.php Cross-Site Scripting Vulnerability

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 31 20:40:33 GMT 2007


#4689: Wordpress uploads.php Cross-Site Scripting Vulnerability
-----------------------------+----------------------------------------------
 Reporter:  BenjaminFlesch   |        Owner:  anonymous
     Type:  enhancement      |       Status:  new      
 Priority:  highest omg bbq  |    Milestone:  2.2.2    
Component:  Security         |      Version:  2.2.1    
 Severity:  critical         |   Resolution:           
 Keywords:  needs-patch      |  
-----------------------------+----------------------------------------------
Changes (by Nazgul):

  * keywords:  => needs-patch
  * milestone:  => 2.2.2

Comment:

 Confirmed on 2.2.1 and trunk.

 Fix should be a putiing in a missing attribute_escape instead of the given
 regex (in my opinion).

-- 
Ticket URL: <http://trac.wordpress.org/ticket/4689#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list