Make WordPress Core

Opened 7 years ago

Closed 7 years ago

#4691 closed defect (bug) (fixed)

WordPress link-import.php Cross-Site Scripting (XSS) Vulnerability

Reported by: BenjaminFlesch
Owned by: Nazgul
Milestone: 2.0.11
Priority: normal
Severity: normal
Version: 2.2.1
Component: Security
Keywords: has-patch
Focuses: (none)
Cc: (none)

Description

The parameter opml_url isn't sanitized and thereby creates a Cross-Site Scripting vulnerability.

Anyway, for a successful attack the _wpnonce authentication token is needed, so this one is quite useless: no one would use XSS to get a token in order to use another XSS vulnerability on the same domain.

Attachments (2)

4691.diff (444 bytes) - added by Nazgul 7 years ago.
for_22.patch (488 bytes) - added by g30rg3x 7 years ago.
For Branch 2.2


Change History (11)

comment:1 Nazgul, 7 years ago

  • Milestone set to 2.3 (trunk)

I'm unable to reproduce this one.

Could you give some more info?

comment:2 BenjaminFlesch, 7 years ago

Ah sorry, it's the cat_id. cat_id -> XSS, but you need _wpnonces.

Nazgul, 7 years ago

comment:3 Nazgul, 7 years ago

  • Keywords has-patch added
  • Owner changed from anonymous to Nazgul
  • Status changed from new to assigned

comment:4 matt, 7 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [5835]) Sanitize cat_id, fixes #4691
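The ticket records the fix only as "Sanitize cat_id"; the attached diffs are not reproduced on this page. As an added illustration (not the committed patch and not WordPress code), the following shows the reflected-parameter pattern the report describes beside its hardened form. The function names are hypothetical, and the input is a constructed value chosen to show attribute breakout; the point is that a parameter which is semantically an integer should be coerced to one before it reaches the markup, and a nonce check limits who can submit the request but does nothing to make the reflected value inert.

```php
<?php
// Added illustration, not the ticket's attached patch. Function names are
// hypothetical; only the pattern (raw reflection vs. coercion/escaping) matters.

// Vulnerable pattern: the raw request parameter is concatenated into HTML.
function render_category_input_unsafe(array $request): string
{
    $cat_id = $request['cat_id'] ?? '';
    return '<input type="hidden" name="cat_id" value="' . $cat_id . '" />';
}

// Hardened pattern: cat_id is a category identifier, so coerce it to an
// integer. Anything that is not a number collapses to 0 (or its leading digits).
function render_category_input_safe(array $request): string
{
    $cat_id = (int) ($request['cat_id'] ?? 0);
    return '<input type="hidden" name="cat_id" value="' . $cat_id . '" />';
}

// For parameters that are legitimately free text, escaping is the right tool
// instead of casting. This is a minimal stand-in for an attribute escaper.
function escape_for_attribute(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Returns true when the hardened output contains no element injected by the
// attacker-controlled value, i.e. the value could not break out of the attribute.
function hardened_output_is_inert(array $request): bool
{
    $html = render_category_input_safe($request);
    return strpos($html, '<b>') === false
        && substr_count($html, '"') === 6; // exactly the three attribute pairs
}

// Constructed input: a value that closes the attribute and injects markup.
$constructed = ['cat_id' => '1"><b>injected</b'];

echo render_category_input_unsafe($constructed), "\n"; // attacker markup reflected
echo render_category_input_safe($constructed), "\n";   // value="1"
echo escape_for_attribute($constructed['cat_id']), "\n";
echo hardened_output_is_inert($constructed) ? "inert\n" : "NOT inert\n";
```

Run with `php example.php`. The unsafe function reproduces the ticket's failure mode for any string in cat_id; the safe function yields `value="1"` because `(int)` keeps only the leading digits, and `hardened_output_is_inert()` returns true for the constructed input.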

g30rg3x, 7 years ago

For Branch 2.2

comment:5 g30rg3x, 7 years ago

Also apply this for branch 2.2, thanks in advance...

comment:6 markjaquith, 7 years ago

  • Milestone changed from 2.3 (trunk) to 2.2.2
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:7 markjaquith, 7 years ago

(In [5840]) Sanitize cat_id, fixes #4691 for 2.2.x, thanks g30rg3x

comment:8 markjaquith, 7 years ago

  • Milestone changed from 2.2.2 to 2.0.11

comment:9 markjaquith, 7 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [5841]) Sanitize cat_id, fixes #4691 for 2.0.x
