[wp-trac] [WordPress Trac] #19014: Titles containing JavaScript execute the JavaScript - XSS risk
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 20 14:22:28 UTC 2011
#19014: Titles containing JavaScript execute the JavaScript - XSS risk
--------------------------+-----------------------------
Reporter: dbvista | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2.1
Severity: major | Keywords:
--------------------------+-----------------------------
I created a post with this title:
<script lang="javascript">alert('hacked');</script>
When the article rendered, the alert box rendered too. This means
WordPress is vulnerable to JavaScript-based attacks such as cross-site
scripting (XSS).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19014>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list