WordPress “year” XSS - Exabytes Security Portal

Categories

Applications (244)
Blogs (7)
Content Management (158)
Customer Relationship (4)
Discussion Boards (35)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (357)
Access Bypass (53)
Cross Site Scripting (134)
Denial Of Service (2)
File Inclusion (53)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (137)

WordPress “year” XSS

Published by CS Lee March 14th, 2007 in Content Management and Cross Site Scripting.

Application: Wordpress CMS
Version: 2.1.2 or earlier
Vendor’s URL: http://wordpress.org/
Bug Type: Cross Site Scripting
Risk: High

Solution:
- Edit the source code in general-template.php to ensure the input is sanitized
- http://trac.wordpress.org/changeset/5003

0 Responses to “WordPress “year” XSS”

Feed for this Entry Trackback Address

No Comments

Leave a Reply

You must login to post a comment.

Search

Subscribe

Entries RSS

Latest

Archives