Make WordPress Core

Opened 14 years ago

Closed 14 years ago

#16997 closed defect (bug) (invalid)

XSS bug (QuickPress title)

Reported by: apr_inoue
Owned by: apr_inoue
Milestone:
Priority: normal
Severity: normal
Version: 3.1
Component: General
Keywords:
Focuses:
Cc:

Description

I found an XSS bug in the QuickPress title on the dashboard.

WordPress version: 3.0.5 (Japanese), 3.1 (English) and 3.1 (Japanese)

Change History (3)

#1 @dd32
14 years ago

I'd just like to direct you to our published guidelines on how to report security issues: http://codex.wordpress.org/Reporting_Bugs#Reporting_security_issues

If you could send an email through to security at wordpress.org with the exact details, we can investigate the claims.

However, I'd like to mention that it's by design that users (with the unfiltered_html capability) can by default include HTML in their post titles.

#2 @apr_inoue
14 years ago

  • Owner set to apr_inoue
  • Status changed from new to reviewing

I send an email.
Thanks.

#3 @nacin
14 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from reviewing to closed