[wp-trac] [WordPress Trac] #22132: Malicious script allowed in attachment Title, Caption and Description
WordPress Trac
wp-trac at lists.automattic.com
Mon Oct 8 19:04:49 UTC 2012
#22132: Malicious script allowed in attachment Title, Caption and Description
--------------------------+----------------------
Reporter: dglingren | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Security | Version: 3.4.2
Severity: normal | Resolution: invalid
Keywords: |
--------------------------+----------------------
Changes (by nacin):
* status: new => closed
* resolution: => invalid
* component: Media => Security
* milestone: Awaiting Review =>
Comment:
When creating this ticket, this appeared at the top of the form:
> Do not report potential security vulnerabilities here. Read the
[http://codex.wordpress.org/FAQ_Security Security FAQ] and email us at
security at wordpress.org.
This does not appear to be a security vulnerability. See:
http://codex.wordpress.org/FAQ_Security#Why_are_some_users_allowed_to_post_unfiltered_HTML.3F.
You are welcome to email us if there's more here.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22132#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list