[wp-trac] [WordPress Trac] #53055: Cross-Site Scripting: Reflected

WordPress Trac noreply at wordpress.org
Mon Apr 19 03:04:00 UTC 2021


#53055: Cross-Site Scripting: Reflected
--------------------------+----------------------
 Reporter:  mansontong    |       Owner:  (none)
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:
Component:  Security      |     Version:  5.7
 Severity:  normal        |  Resolution:  invalid
 Keywords:                |     Focuses:
--------------------------+----------------------
Changes (by peterwilsoncc):

 * status:  new => closed
 * resolution:   => invalid
 * component:  Administration => Security
 * severity:  critical => normal
 * milestone:  Awaiting Review =>


Comment:

 Please don't post security issues on the public trac.
 [https://hackerone.com/wordpress WordPress has a HackerOne program] you
 can use to report such issues.

 That said, this isn't a cross site scripting issue as the code does not
 execute. These are properly encoded return URLs so appending `alert(1)` to
 the URL does not produce an alert.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/53055#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

