Opened 3 years ago
Closed 3 years ago
#53055 closed defect (bug) (invalid)
Cross-Site Scripting: Reflected
Reported by: | mansontong | Owned by: | |
---|---|---|---|
Milestone: | | Priority: | normal |
Severity: | normal | Version: | 5.7 |
Component: | Security | Keywords: | |
Focuses: | | Cc: | |
Description
Cross-Site Scripting: Reflected
Kingdom: Input Validation and Representation
GET /subscriber/wp-admin/themes.php/%37%38%33%36%38 HTTP/1.1
...TRUNCATED.../subscriber/wp-admin/themes.php/78368" />
For details, please see this screen capture:
http://prntscr.com/11oa70c
Change History (1)
Please don't post security issues on the public trac. WordPress has a HackerOne program you can use to report such issues.
That said, this isn't a cross site scripting issue as the code does not execute. These are properly encoded return URLs so appending `alert(1)` to the URL does not produce an alert.
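The difference between a value that is merely reflected and one that executes can be checked mechanically when triaging a scanner finding like this one. The Python below is an added example, not part of the ticket or of WordPress: `render` is a hypothetical stand-in for the reflecting page, and the field name `return_url` and the probe string are constructed.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote, unquote

PREFIX = "/subscriber/wp-admin/themes.php/"   # path from the ticket
MARKER = "%37%38%33%36%38"                    # scanner marker from the ticket ("78368")
PROBE = quote('78368"><script>alert(1)</script>', safe="")  # constructed probe


def render(raw_suffix, encode=True):
    """Hypothetical stand-in for a page that reflects the request path into
    a hidden field. encode=False models a handler that omits escaping."""
    url = PREFIX + unquote(raw_suffix)
    value = escape(url, quote=True) if encode else url
    return '<input type="hidden" name="return_url" value="%s" />' % value


class _Tags(HTMLParser):
    """Records every start tag with its entity-decoded attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def _parse(markup):
    parser = _Tags()
    parser.feed(markup)
    parser.close()
    return parser.tags


def triage(baseline_markup, probe_markup, raw_probe):
    """Compare the response to a benign marker with the response to a probe."""
    base, seen = _parse(baseline_markup), _parse(probe_markup)
    shape = lambda tags: [(t, sorted(a)) for t, a in tags]
    if shape(base) != shape(seen):
        return "breakout"            # probe added tags or attributes
    probe = unquote(raw_probe)
    if any(probe in (v or "") for _, attrs in seen for v in attrs.values()):
        return "reflected-encoded"   # probe is inert attribute data
    return "not-reflected"


if __name__ == "__main__":
    for encode in (True, False):
        print(encode, triage(render(MARKER, encode), render(PROBE, encode), PROBE))
```

A finding that comes back as `reflected-encoded` matches what the ticket shows: the marker appears in the response, but only as attribute data.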