Wordpress <= v2.1.0

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Wordpress <= v2.1.0
From: ciri@xxxxxxxxxx
Date: 5 Mar 2007 00:55:56 -0000

If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt

Follow-Ups:
- Re: Wordpress <= v2.1.0
  - From: vvitkov@xxxxxxxxxxxxx
- RE: Wordpress <= v2.1.0
  - From: McCarty, Eric C.

Prev by Date: XSS Remote In vCard 2.6 (c)2002
Next by Date: DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25
Previous by thread: XSS Remote In vCard 2.6 (c)2002
Next by thread: RE: Wordpress <= v2.1.0
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux