Cross-site Scripting Vulnerability in /wp-admin/setup-config
|Reported by:||danielmiessler||Owned by:|
There appears to be a vulnerability in the setup-config file whereby a user can submit script to the dbhost parameter and have it echoed back by WordPress. I have attached an image for your review.
Change History (11)
comment:4 follow-up: ↓ 6 @SergeyBiryukov — 5 years ago
- Keywords has-patch added; xss security vulnerability removed
Note: See TracTickets for help on using tickets.