Opened 12 years ago

Closed 12 years ago

#4691 closed defect (bug) (fixed)

WordPress link-import.php Cross-Site Scripting (XSS) Vulnerability

Reported by: BenjaminFlesch Owned by: Nazgul
Milestone: 2.0.11 Priority: normal
Severity: normal Version: 2.2.1
Component: Security Keywords: has-patch

Description

The parameter opml_url isn’t sanitized and thereby creates a Cross-Site Scripting vulnerability.

Anyways, for a successful attack the _wpnonce Authentication Token is needed, so this one is quite useless. No one would use XSS to get a Token in order to use another XSS Vulnerability on the same Domain.

Attachments (2)

4691.diff (444 bytes) - added by Nazgul 12 years ago.
for_22.patch (488 bytes) - added by g30rg3x 12 years ago.
For Branch 2.2

Change History (11)

#1 @Nazgul
12 years ago

  • Milestone set to 2.3 (trunk)

I'm unable to reproduce this one.

Could you give some more info?

#2 @BenjaminFlesch
12 years ago

Ah, sorry, it's the cat_id. cat_id -> XSS, but you need _wpnonces.

#3 @Nazgul
12 years ago

  • Keywords has-patch added
  • Owner changed from anonymous to Nazgul
  • Status changed from new to assigned

#4 @matt
12 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [5835]) Sanitize cat_id, fixes #4691

@g30rg3x
12 years ago

For Branch 2.2

#5 @g30rg3x
12 years ago

Also apply this for branch 2.2, thanks in advance...

#6 @markjaquith
12 years ago

  • Milestone changed from 2.3 (trunk) to 2.2.2
  • Resolution fixed deleted
  • Status changed from closed to reopened

#7 @markjaquith
12 years ago

(In [5840]) Sanitize cat_id, fixes #4691 for 2.2.x, thanks g30rg3x

#8 @markjaquith
12 years ago

  • Milestone changed from 2.2.2 to 2.0.11

#9 @markjaquith
12 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [5841]) Sanitize cat_id, fixes #4691 for 2.0.x
