Summary: CVE-2007-1732: wordpress mt import XSS

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015

------- Additional Comments From ville.skytta@xxxxxx 2007-04-09 04:23 EST -------
Just some general data points for consideration, I'm not necessarily disagreeing with comment 1:

Missing/ineffective cross site request forgery prevention measures would invalidate the "knowing/willing" assumption. But if I understand correctly, WordPress's admin UI has that protection.

Requiring authentication and willing interaction doesn't IMO make this a feature if the goal was not to provide a possibility for injection of arbitrary markup or scripts; it just affects the attack vectors.