[wp-trac] [WordPress Trac] #47907: Stored XSS
WordPress Trac
noreply at wordpress.org
Tue Aug 20 20:17:52 UTC 2019
#47907: Stored XSS
--------------------------+---------------------------------
Reporter: rohit001 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 5.2.2
Severity: normal | Resolution: invalid
Keywords: | Focuses: ui, administration
--------------------------+---------------------------------
Changes (by swissspidy):
* keywords: close =>
* status: new => closed
* resolution: => invalid
* severity: major => normal
* milestone: Awaiting Review =>
Comment:
Hi @rohit001
When creating this ticket you were shown a warning that you should not
report potential security vulnerabilities here.
Instead, you should see the
[https://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/ Security FAQ]
and visit the [https://hackerone.com/wordpress WordPress HackerOne program].
In both places you would have learned that
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html users with administrator or editor privileges can post arbitrary JavaScript],
and that this is totally expected. From your screenshots it's clear that
you're still logged in.
If you think you have found a real security vulnerability, please head
over to HackerOne, and do not post it here.
Thanks for your cooperation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47907#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform