WordPress.org

Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#9917 closed defect (bug) (invalid)

SECURITY VULNERABILITY

Reported by: epicreviews
Owned by:
Milestone:
Priority: highest omg bbq
Severity: critical
Version: 2.7.1
Component: General
Keywords:
Focuses:
Cc:

Description

Comments have a huge vulnerability:

<script language="javascript">alert('Security');</script>

This set off a problem when someone was testing for me.
Anything that uses JavaScript does it.
htmlentities would protect it.

This totally screwed up my categories with just a test.

Change History (1)

comment:1 ryan 5 years ago

  • Milestone Unassigned deleted
  • Resolution set to invalid
  • Status changed from new to closed

Only users that have the unfiltered_html capability can do this.
