Make WordPress Core

Changes between Initial Version and Version 2 of Ticket #3879


Timestamp: 02/27/2007 05:58:04 PM (18 years ago)
Author: foolswisdom

  • Ticket #3879

    • Property Status changed from new to closed
    • Property Resolution set to fixed
    • Property Summary changed from 'XSS in 2.1.1' to 'XSS in 2.1.1 input passed to the "post" parameter in wp-admin/post.php'
  • Ticket #3879 – Description

    Initial version:

    http://secunia.com/advisories/24316/ and http://www.securityfocus.com/archive/1/461351/30/0/threaded

    Version 2:

    http://www.securityfocus.com/archive/1/461351/30/0/threaded. http://secunia.com/advisories/24316/ reads:

    Input passed to the "post" parameter in wp-admin/post.php (when "action" is set to "delete") is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

    Successful exploitation requires that the target user is logged in as administrator.