[wp-trac] [WordPress Trac] #44430: Stored XSS Vulberability found in wordpress new page create (post-new.php?post_type=page)
WordPress Trac
noreply at wordpress.org
Fri Jun 22 02:30:44 UTC 2018
#44430: Stored XSS Vulberability found in wordpress new page create (post-
new.php?post_type=page)
--------------------------+-----------------------------
Reporter: jayeshpatel | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.9.6
Severity: critical | Keywords:
Focuses: |
--------------------------+-----------------------------
When we create new page wordpress control admin page with insert XSS
script in page title, the attack is underway.
Reproduced :
http://192.168.0.12/wordpress/wp-admin/post-new.php?post_type=page
Here, In title add <script>alert('xss')</script>
Now access this page.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44430>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list