Opened 14 years ago
Closed 14 years ago
#16997 closed defect (bug) (invalid)
XSS bug (QuickPress title)
Reported by: | apr_inoue | Owned by: | apr_inoue |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | General | Keywords: | |
Focuses: | | Cc: | |
Description
I found an XSS bug in the QuickPress title on the dashboard.
WordPress version: 3.0.5 (Japanese), 3.1 (English) and 3.1 (Japanese)
Change History (3)
I'd just like to direct you to our published guidelines on how to report security issues: http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues
If you could send an email through to security at wordpress.org with the exact details, we can investigate the claims.
However, I'd like to mention that it's by design that users (with the unfiltered_html capability) can by default include HTML in their post titles.