[wp-trac] [WordPress Trac] #47163: Stored XSS on Comments
WordPress Trac
noreply at wordpress.org
Tue May 7 05:46:14 UTC 2019
#47163: Stored XSS on Comments
--------------------------+-----------------------------
Reporter: down3rz | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 5.1.1
Severity: major | Keywords:
Focuses: |
--------------------------+-----------------------------
The script i used was :
{{{
<a onmouseover=alert('XSS')>Click me</A>
}}}
I executed this script on comments and this showed up
[[Image(http://justpwn.com/wp-content/uploads/2019/05/t1.jpg)]]
Im sure this is severe and im waiting for the fix, thank you im not good
in writing write-ups.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/47163>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list