[wp-hackers] XSS vulnerability?
f.terenzani at gmail.com
f.terenzani at gmail.com
Tue Aug 1 09:10:10 GMT 2006
Hi all, i have read this fix [http://trac.wordpress.org/ticket/2953]
on the WP 2.0.4:
XSS Vulnerability in the 'post_tilte' parameter in
wp-admin/page-new.php while submitting thought the "Create New page"
option.
But I think this vulnerability there also is in the 'the_content'
parameter if you put on post.php post field:
<script><!--
alert('XSS Vulnerable');
--></script>
For this reason I had made the script manager plugin
[http://wp-plugins.net/plugin/script-manager/]
This have to be considered a bug?
More information about the wp-hackers
mailing list