Wordpress link-import.php Cross-Site Scripting (XSS) Vulnerability
|Reported by:||BenjaminFlesch||Owned by:||Nazgul|
The parameter opml_url isn’t sanitized and thereby creates an Cross-Site Scripting vulnerability.
Anyways, for a successful attack the _wpnonce Authentication Token is needed so this one is quite useless - No one would use XSS to get a Token in order to use another XSS Vulnerability on the same Domain.
Change History (11)
- Keywords has-patch added
- Owner changed from anonymous to Nazgul
- Status changed from new to assigned
comment:6 markjaquith — 6 years ago
- Milestone changed from 2.3 (trunk) to 2.2.2
- Resolution fixed deleted
- Status changed from closed to reopened