[wp-trac] [WordPress Trac] #47910: Stored Xss
WordPress Trac
noreply at wordpress.org
Wed Aug 21 09:00:07 UTC 2019
#47910: Stored Xss
-----------------------------+-----------------------------
 Reporter:  wildfighter0481  |      Owner:  (none)
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  General          |    Version:  5.2.2
 Severity:  normal           |   Keywords:  new
  Focuses:                   |
-----------------------------+-----------------------------
Description:
XSS (Cross-Site Scripting) allows an attacker to execute a dynamic script
(JavaScript, VBScript) in the context of the application. This allows
several different attack opportunities, mostly hijacking the current
session of the user or changing the look of the page by changing the HTML
on the fly to steal the user's credentials. This happens because the input
entered by a user has been interpreted as HTML/JavaScript/VBScript by the
browser.
Steps to reproduce:
1) Select a theme from the theme store; I chose the social-care-lite theme
2) Go to the menus options and add menus
3) Then change the menu's name to <script>alert(555)</script>
4) Publish the page and refresh it
5) and the XSS executes
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47910>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
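
Added example, not part of the ticket and not code from WordPress core or the social-care-lite theme: it assumes the theme prints the menu name into the page without escaping, and shows that pattern next to output encoding plus a simple audit of stored names. The function names and sample data are hypothetical, and esc_html() is given a stand-in so the file runs outside WordPress.

```php
<?php
// Added illustration; not code from WordPress core or the social-care-lite theme.
// Assumption: the theme prints the menu name into the page without escaping.

// Stand-in for WordPress's esc_html() so this file runs outside WordPress.
if (!function_exists('esc_html')) {
    function esc_html(string $text): string {
        return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Hypothetical template helper: the pattern that produces the reported behaviour.
// The stored name is concatenated into HTML as-is, so the browser parses it.
function render_menu_heading_unescaped(string $menu_name): string {
    return '<h3 class="menu-title">' . $menu_name . '</h3>';
}

// Hardened form: encode on output, so the stored value is rendered as text.
function render_menu_heading_escaped(string $menu_name): string {
    return '<h3 class="menu-title">' . esc_html($menu_name) . '</h3>';
}

// Audit helper: return stored names that change when tags are stripped,
// i.e. names that contain markup and deserve a manual look.
function names_containing_markup(array $menu_names): array {
    return array_values(array_filter(
        $menu_names,
        fn(string $name): bool => strip_tags($name) !== $name
    ));
}

// Constructed sample data; the second entry is the value from step 3 of the report.
$stored_menu_names = ['Main Menu', '<script>alert(555)</script>', 'Footer & Legal'];

foreach ($stored_menu_names as $name) {
    echo 'unescaped: ', render_menu_heading_unescaped($name), PHP_EOL;
    echo 'escaped:   ', render_menu_heading_escaped($name), PHP_EOL;
}

echo 'flagged for review:', PHP_EOL;
foreach (names_containing_markup($stored_menu_names) as $name) {
    // Escape here too: the audit output may itself be viewed in a browser.
    echo '  ', esc_html($name), PHP_EOL;
}
```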