[wp-trac] [WordPress Trac] #52067: Cross Site Scripting Vulnerability on "Comment" WordPress Version 5.6
WordPress Trac
noreply at wordpress.org
Mon Dec 14 13:14:06 UTC 2020
#52067: Cross Site Scripting Vulnerability on "Comment" WordPress Version 5.6
---------------------------+----------------------
Reporter: tucuong97 | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Script Loader | Version: 5.6
Severity: normal | Resolution: invalid
Keywords: | Focuses:
---------------------------+----------------------
Changes (by Clorith):
* status: new => closed
* severity: critical => normal
* resolution: => invalid
* milestone: Awaiting Review =>
Old description:
> 1. Description:
> ----------------------
> Cross Site Scripting Vulnerability on "Comment" WordPress Version 5.6
>
> 2. To Reproduce:
> ----------------------
> - Go to any post on website using Wordpress Version 5.6
> - Insert Payload into field "comment"
> - Click "Comment"
> - View the preview to trigger XSS.
>
> 3. Payload:
> ----------------------
>
> test"><script>alert(document.domain)</script>
>
> 4. Screenshots:
> ----------------------
> https://i.imgur.com/jj5ZUSV.png
> https://i.imgur.com/7UdGouq.png
>
> 5. Impact
> Commonly include transmitting private data, like cookies or other session
> information, to the attacker, redirecting the victim to web content controlled
> by the attacker, or performing other malicious operations on the user’s machine
> under the guise of the vulnerable site.
>
> 6. Desktop (please complete the following information):
> - OS: Ubuntu
> - Browser: Firefox
> - Version: 76.0.1
New description:
1. Description:
----------------------
Cross Site Scripting Vulnerability on "Comment" WordPress Version 5.6
2. To Reproduce:
----------------------
- Go to any post on website using WordPress Version 5.6
- Insert Payload into field "comment"
- Click "Comment"
- View the preview to trigger XSS.
3. Payload:
----------------------
test"><script>alert(document.domain)</script>
4. Screenshots:
----------------------
https://i.imgur.com/jj5ZUSV.png
https://i.imgur.com/7UdGouq.png
5. Impact
Commonly include transmitting private data, like cookies or other session
information, to the attacker, redirecting the victim to web content controlled
by the attacker, or performing other malicious operations on the user’s machine
under the guise of the vulnerable site.
6. Desktop (please complete the following information):
- OS: Ubuntu
- Browser: Firefox
- Version: 76.0.1
--
Comment:
Hi there, and welcome to the WordPress trac.
When submitting a ticket to trac, relating to security, you have to
actively tick the box that states "I am not reporting a potential security
vulnerability", although that is what this is.
All possible security vulnerabilities should be reported to the
[https://hackerone.com/wordpress WordPress HackerOne project page] so that
it can be investigated and appropriate action can be taken in a timely
manner, without causing unnecessary security risks.
You may also find value in reading the
[https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/ core handbook page on responsible disclosure].
Please note that administrator accounts in a default WordPress install
have access to post unfiltered HTML and arbitrary JavaScript code, and this
is by design. You can read more about this at
https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-some-users-allowed-to-post-unfiltered-html
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52067#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
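The triage point in the closing comment is that the same comment body is handled differently depending on whether the author holds the `unfiltered_html` capability: for everyone else, core runs comment content through `wp_kses()` with the restricted comment tag list, so the `<script>` element in the reported payload is stripped before the comment is stored. The following WP-CLI script is an added example written for this page; it is not WordPress core code and not part of the ticket. It assumes a local WordPress install reachable by WP-CLI, with at least one `subscriber` and one `administrator` account present, and it is run with `wp eval-file comment-xss-triage.php`.

```php
<?php
/**
 * Added triage helper (not WordPress core code, not from ticket #52067).
 * Run inside a WordPress checkout with WP-CLI:
 *     wp eval-file comment-xss-triage.php
 * Assumes at least one 'subscriber' and one 'administrator' user exist.
 *
 * Shows what survives comment filtering for an author WITHOUT the
 * unfiltered_html capability versus an administrator who has it by design.
 */

// The payload from the report, constructed here as a literal.
$payload = 'test"><script>alert(document.domain)</script>';

// Comment content is filtered against this restricted tag list (a, b, blockquote,
// cite, code, em, strong, ...) unless the author can post unfiltered HTML.
$allowed = wp_kses_allowed_html( 'pre_comment_content' );
WP_CLI::log( 'Allowed comment tags: ' . implode( ', ', array_keys( $allowed ) ) );

// 1. Direct check: what wp_kses() leaves of the payload. The <script> tags are
//    not in the allow list and are removed; only inert text remains.
WP_CLI::log( 'Payload:            ' . $payload );
WP_CLI::log( 'After wp_kses():    ' . wp_kses( $payload, $allowed ) );

// 2. Role comparison through the real filter chain. Core hooks wp_filter_kses()
//    onto 'pre_comment_content' via kses_init_filters(); kses_init() (fired on the
//    'set_current_user' action) removes those filters when the current user has
//    unfiltered_html. Comment data reaches this filter slashed, hence wp_slash().
foreach ( array( 'subscriber', 'administrator' ) as $role ) {
	$users = get_users( array( 'role' => $role, 'number' => 1 ) );
	if ( empty( $users ) ) {
		WP_CLI::warning( "No {$role} account found; skipping that case." );
		continue;
	}

	wp_set_current_user( $users[0]->ID ); // triggers kses_init() for this user
	$has_cap = current_user_can( 'unfiltered_html' );
	$stored  = wp_unslash( apply_filters( 'pre_comment_content', wp_slash( $payload ) ) );

	WP_CLI::log( sprintf(
		'%-13s unfiltered_html=%-3s stored comment: %s',
		$role,
		$has_cap ? 'yes' : 'no',
		$stored
	) );
}

// 3. Hardening check a site owner can apply: the capability is removed from every
//    user (including administrators) when DISALLOW_UNFILTERED_HTML is true in
//    wp-config.php; on multisite only super admins hold it to begin with.
WP_CLI::log( 'DISALLOW_UNFILTERED_HTML: ' .
	( ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML ) ? 'set' : 'not set' ) );
WP_CLI::log( 'Multisite: ' . ( is_multisite() ? 'yes (only super admins have unfiltered_html)' : 'no' ) );
```

Running this against a report like the one above separates two cases before anything is escalated: if the stripped script only executes when the commenting account is an administrator, the behaviour is the documented `unfiltered_html` design the ticket was closed for; if it also survives for the subscriber case, the finding belongs on the HackerOne program, not on Trac.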