Bugtraq mailing list archives

Wordpress <= v2.1.0

From: ciri () virtuax be
Date: 5 Mar 2007 00:55:56 -0000

If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be 
posted. This can be exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt

Current thread:

Wordpress <= v2.1.0 ciri (Mar 05)
- RE: Wordpress <= v2.1.0 McCarty, Eric C. (Mar 05)
- Re: Wordpress <= v2.1.0 vvitkov () intergenia de (Mar 06)
- <Possible follow-ups>
- Re: Re: Wordpress <= v2.1.0 ciri (Mar 07)