Make WordPress Core

Opened 13 years ago

Closed 13 years ago

#16997 closed defect (bug) (invalid)

XSS bug(QuickPress title)

Reported by: apr_inoue
Owned by: apr_inoue
Milestone:
Priority: normal
Severity: normal
Version: 3.1
Component: General
Keywords:
Focuses:
Cc:


I found an XSS bug in the QuickPress title on the dashboard.

WordPress version: 3.0.5 (Japanese), 3.1 (English) and 3.1 (Japanese)

Change History (3)

#1 @dd32
13 years ago

I'd just like to direct you to our published guidelines on how to report security issues:

If you could send an email through to security at with the exact details, we can investigate the claims.

However, I'd like to mention that it's by design that users (with the unfiltered_html capability) can by default include HTML in their post titles.

#2 @apr_inoue
13 years ago

  • Owner set to apr_inoue
  • Status changed from new to reviewing

I send an email.

#3 @nacin
13 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from reviewing to closed