[wp-trac] [WordPress Trac] #40638: moxieplayer.swf : allows an open redirect to any site.
WordPress Trac
noreply at wordpress.org
Tue May 2 16:37:06 UTC 2017
#40638: moxieplayer.swf : allows an open redirect to any site.
--------------------------+-----------------------------
Reporter: edubacco | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: TinyMCE | Version: 4.7.4
Severity: normal | Keywords:
Focuses: |
--------------------------+-----------------------------
The moxieplayer.swf script allows an open redirect to any site. An unkind
person can use this problem to redirect users outside the site.
You can verify this bug by accessing the file
{{{
/wp-includes/js/tinymce/plugins/media/moxieplayer.swf
}}}
with this query string:
{{{
?pos%#ter=https://me6.com/PugOfConcept/pugOfConcept.swf
}}}
so, for example, we can use https://demos1.softaculous.com/WordPress/ wp
install.
https://demos1.softaculous.com/WordPress/wp-includes/js/tinymce/plugins/media/moxieplayer.swf?pos%#ter=https://me6.com/PugOfConcept/pugOfConcept.swf
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40638>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
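
An added example, not part of the ticket or of WordPress: a link-triage check for the URL shape the ticket reports, for use on links found in mail or page content. The function names and the `example.com`/`example.net` hosts are constructed for illustration. It also shows that the part after `#` is a fragment and never reaches the server's access log.

```python
import re
from urllib.parse import urlsplit, unquote

# Path reported in the ticket, relative to the WordPress root.
PLAYER_SUFFIX = "/wp-includes/js/tinymce/plugins/media/moxieplayer.swf"
# Absolute or protocol-relative URL; group 1 is the authority part.
ABS_URL = re.compile(r"(?:https?:)?//([^/\s?#&]+)", re.I)


def request_target(link):
    """What the web server receives and logs: path and query, never the fragment."""
    p = urlsplit(link)
    return p.path + ("?" + p.query if p.query else "")


def offsite_targets(link):
    """Hosts other than the site's own that appear in the query or fragment
    of a link to moxieplayer.swf. Returns [] for any other link."""
    parts = urlsplit(link)
    if not parts.path.lower().endswith(PLAYER_SUFFIX):
        return []
    site = (parts.hostname or "").lower()
    # Inspect the fragment too: in the ticket's URL the external address
    # sits after '#', so it is only visible where the full link appears.
    tail = unquote(parts.query + "&" + parts.fragment)
    hosts = []
    for m in ABS_URL.finditer(tail):
        # Drop any userinfo and port, keep the host name.
        host = m.group(1).rsplit("@", 1)[-1].split(":")[0].lower()
        if host and host != site and host not in hosts:
            hosts.append(host)
    return hosts


# Constructed sample links (reserved example domains, same shape as the ticket).
SAMPLES = [
    "https://blog.example.com" + PLAYER_SUFFIX
    + "?pos%#ter=https://redirect.example.net/x.swf",
    "https://blog.example.com" + PLAYER_SUFFIX
    + "?pos%#ter=https://blog.example.com/cover.swf",
    "https://blog.example.com/wp-includes/js/tinymce/tinymce.min.js?ver=4",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(offsite_targets(link), "| logged as:", request_target(link))
```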