[wp-trac] [WordPress Trac] #16997: XSS bug(QuickPress title)
WordPress Trac
wp-trac at lists.automattic.com
Wed Mar 30 02:20:41 UTC 2011
#16997: XSS bug(QuickPress title)
--------------------------+------------------------------
 Reporter:  apr_inoue     |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.1
 Severity:  normal        |  Resolution:
 Keywords:                |
--------------------------+------------------------------

Comment (by dd32):

 I'd just like to direct you to our published guidelines on how to report
 security issues:
 http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues

 If you could send an email through to security at wordpress.org with the
 exact details, we can investigate the claims.

 However, I'd like to mention that it's by design that users (with the
 unfiltered_html capability) can by default include HTML in their post
 titles.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/16997#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software