[wp-trac] [WordPress Trac] #16089: Cross-site Scripting Vulnerability in /wp-admin/setup-config

WordPress Trac wp-trac at lists.automattic.com
Mon Jan 3 17:44:17 UTC 2011


#16089: Cross-site Scripting Vulnerability in /wp-admin/setup-config
----------------------------+------------------------------------------
 Reporter:  danielmiessler  |      Owner:
     Type:  defect (bug)    |     Status:  new
 Priority:  normal          |  Milestone:  Awaiting Review
Component:  General         |    Version:  3.1
 Severity:  critical        |   Keywords:  xss, security, vulnerability
----------------------------+------------------------------------------
 There appears to be a vulnerability in the setup-config file whereby a
 user can submit script to the dbhost parameter and have it echoed back by
 WordPress. I have attached an image for your review.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/16089>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

