Bugtraq mailing list archives
RE: Wordpress <= v2.1.0
From: "McCarty, Eric C." <emccarty () er ucsd edu>
Date: Mon, 5 Mar 2007 14:25:07 -0800
2.0.2 Tested and Does not appear Vulnerable. -----Original Message----- From: ciri () virtuax be [mailto:ciri () virtuax be] Sent: Sunday, March 04, 2007 4:56 PM To: bugtraq () securityfocus com Subject: Wordpress <= v2.1.0 If you're logged in into wordpress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt
Current thread:
- Wordpress <= v2.1.0 ciri (Mar 05)
- RE: Wordpress <= v2.1.0 McCarty, Eric C. (Mar 05)
- Re: Wordpress <= v2.1.0 vvitkov () intergenia de (Mar 06)
- <Possible follow-ups>
- Re: Re: Wordpress <= v2.1.0 ciri (Mar 07)