BugTraq
Wordpress <= v2.1.0 Mar 05 2007 12:55AM
ciri virtuax be (2 replies)
Re: Wordpress <= v2.1.0 Mar 06 2007 08:29AM
vvitkov (at) intergenia (dot) de [email concealed] (vvitkov intergenia de)
RE: Wordpress <= v2.1.0 Mar 05 2007 10:25PM
McCarty, Eric C. (emccarty er ucsd edu)
2.0.2 Tested and Does not appear Vulnerable.

-----Original Message-----
From: ciri (at) virtuax (dot) be [email concealed] [mailto:ciri (at) virtuax (dot) be [email concealed]]
Sent: Sunday, March 04, 2007 4:56 PM
To: bugtraq (at) securityfocus (dot) com [email concealed]
Subject: Wordpress <= v2.1.0

If you're logged in into wordpress as an admin, your comments aren't
properly sanitized, thus allowing an XSS to be posted. This can be
exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus