id summary reporter owner description type status priority milestone component version severity resolution keywords cc
12781 Minor XSS issue in Twenty Ten theme Viper007Bond ryan "This is in Twenty Ten's `search.php`:
' . get_search_query() . '' ); ?>
`get_search_query()` does not feature any sanitization, so the search string is displayed raw.
To show the vulnerability, write a post with the following content and publish it:
This is a link
Now enter that same string into the search box. The post will show up in the results as expected, but you'll get `Search Results for: This is a link` (which is clickable) instead of the actual search string.
Luckily Twenty Ten shows ""Nothing Found"" if there are no results, so this requires the string to be located in a post.
Still needs to be fixed though. See attached patch." defect (bug) closed high 3.0 Security 3.0 major fixed