[wp-trac] [WordPress Trac] #48840: Stored Xss on WordPress
WordPress Trac
noreply at wordpress.org
Sat Nov 30 08:34:17 UTC 2019
#48840: Stored Xss on WordPress
---------------------------+----------------------
Reporter: mousecybersec | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Editor | Version: trunk
Severity: normal | Resolution: invalid
Keywords: | Focuses:
---------------------------+----------------------
Changes (by SergeyBiryukov):
* status: new => closed
* focuses: accessibility =>
* severity: critical => normal
* component: Post Formats => Editor
* milestone: Awaiting Review =>
* resolution: => invalid
Comment:
Hi there, welcome to WordPress Trac!
When writing the ticket you should have seen this notice:
> **Do not report potential security vulnerabilities here.**
> See the [https://make.wordpress.org/core/handbook/reporting-security-vulnerabilities/ Security FAQ] and visit the
> [https://hackerone.com/wordpress WordPress HackerOne program].
Worth noting this is not a real security issue since administrators or
editors are able to
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html post arbitrary JavaScript].
If you think you have found a real security vulnerability, please head
over to HackerOne, and do not post it here.
Thanks for your cooperation.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48840#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform