Opened 17 years ago
Closed 17 years ago
#4691 closed defect (bug) (fixed)
WordPress link-import.php Cross-Site Scripting (XSS) Vulnerability
| Reported by: | BenjaminFlesch | Owned by: | Nazgul |
|---|---|---|---|
| Milestone: | 2.0.11 | Priority: | normal |
| Severity: | normal | Version: | 2.2.1 |
| Component: | Security | Keywords: | has-patch |
| Focuses: | | Cc: | |
Description
The parameter opml_url isn’t sanitized and thereby creates a Cross-Site Scripting vulnerability.
Anyways, for a successful attack the _wpnonce Authentication Token is needed so this one is quite useless - No one would use XSS to get a Token in order to use another XSS Vulnerability on the same Domain.
Attachments (2)
Change History (11)
#3
@
17 years ago
- Keywords has-patch added
- Owner changed from anonymous to Nazgul
- Status changed from new to assigned
I'm unable to reproduce this one.
Could you give some more info?