Ticket #4691 (closed defect (bug): fixed)

Opened 5 years ago

Last modified 5 years ago

Wordpress link-import.php Cross-Site Scripting (XSS) Vulnerability

Reported by: BenjaminFlesch
Owned by: Nazgul
Priority: normal
Milestone: 2.0.11
Component: Security
Version: 2.2.1
Severity: normal
Keywords: has-patch
Cc:

Description

The parameter opml_url isn't sanitized and thereby creates a Cross-Site Scripting vulnerability.

Anyways, for a successful attack the _wpnonce Authentication Token is needed so this one is quite useless - No one would use XSS to get a Token in order to use another XSS Vulnerability on the same Domain.

Attachments

4691.diff (444 bytes) - added by Nazgul 5 years ago.
for_22.patch (488 bytes) - added by g30rg3x 5 years ago.
For Branch 2.2

Change History

  • Milestone set to 2.3 (trunk)

I'm unable to reproduce this one.

Could you give some more info?

Ah sorry, it's the cat_id. Cat_id -> XSS, but you need _wpnonces.

Nazgul 5 years ago

  • Keywords has-patch added
  • Owner changed from anonymous to Nazgul
  • Status changed from new to assigned

comment:4 matt 5 years ago

  • Status changed from assigned to closed
  • Resolution set to fixed

(In [5835]) Sanitize cat_id, fixes #4691

g30rg3x 5 years ago

For Branch 2.2

Also apply this for branch 2.2, thanks in advance...

  • Status changed from closed to reopened
  • Resolution fixed deleted
  • Milestone changed from 2.3 (trunk) to 2.2.2

(In [5840]) Sanitize cat_id, fixes #4691 for 2.2.x, thanks g30rg3x

  • Milestone changed from 2.2.2 to 2.0.11
  • Status changed from reopened to closed
  • Resolution set to fixed

(In [5841]) Sanitize cat_id, fixes #4691 for 2.0.x
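
The kind of fix the changesets above describe ("Sanitize cat_id"), shown as an added illustration that is not the WordPress patch or code from link-import.php. The helper names and the hidden-field markup are assumptions made for this example; it contrasts reflecting a request parameter unchanged with coercing an id to an integer before it reaches the page:

```php
<?php
// Added illustration, not WordPress code. The render_hidden_cat_id_* and
// sanitize_cat_id helpers are hypothetical; the markup is constructed.

// Before: the request value is reflected into an attribute unchanged.
function render_hidden_cat_id_unsafe(array $request): string
{
    $cat_id = $request['cat_id'] ?? '';
    return '<input type="hidden" name="cat_id" value="' . $cat_id . '" />';
}

// After: a category id can only be a non-negative integer, so coerce it
// to one on input instead of trying to filter out markup.
function sanitize_cat_id($raw): int
{
    // Arrays (cat_id[]=...) and other non-scalars are rejected outright.
    if (!is_scalar($raw)) {
        return 0;
    }
    return max(0, (int) $raw);
}

// Output escaping stays in place as a second layer behind the cast.
function render_hidden_cat_id_safe(array $request): string
{
    $cat_id = sanitize_cat_id($request['cat_id'] ?? 0);
    return '<input type="hidden" name="cat_id" value="'
        . htmlspecialchars((string) $cat_id, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed sample inputs: a normal id, a value carrying markup that
// closes the attribute, and an array-valued parameter.
$samples = [
    ['cat_id' => '7'],
    ['cat_id' => '1"><b>injected</b>'],
    ['cat_id' => ['7']],
];

foreach ($samples as $request) {
    echo json_encode($request), "\n";
    if (is_scalar($request['cat_id'])) {
        echo '  unsafe: ', render_hidden_cat_id_unsafe($request), "\n";
    }
    echo '  safe:   ', render_hidden_cat_id_safe($request), "\n";
}
```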
