[wp-testers] XSS problem?
Mark Jaquith
mark.wordpress at txfx.net
Sun Jan 28 10:30:48 GMT 2007
On Jan 28, 2007, at 3:44 AM, Stefano wrote:
> A user from WordPress Italy signaled to me that inserting some
> JavaScript code into a comment, in his example a simple alert, this
> alert will show up every time the page is accessed.
>
> This could be a serious vulnerability or not?
It would be if regular commenters could do that. He was likely
(hopefully) signed in as an Administrator when he published the
comment, which removes the strict HTML sanitization.
--
Mark Jaquith
http://markjaquith.com/
Covered Web Services
http://covered.be/
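
The role-dependent filtering described in the reply above, as an added example that is not part of the original message and is not WordPress's own code: a simplified Python model in which an author holding the `unfiltered_html` capability (the WordPress capability held by Administrators) bypasses the allowlist filter applied to every other commenter. The allowlist, the sample comment and the function names are constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Constructed allowlist for this sketch; WordPress's real list is different.
ALLOWED = {"a": {"href"}, "b": set(), "em": set(), "strong": set(), "code": set()}
SAFE_SCHEMES = ("http://", "https://", "mailto:")  # applied to href, the only kept attribute
DROP_CONTENT = {"script", "style"}  # removed together with the text inside them

# Constructed sample comment, modelled on the "simple alert" in the report.
SAMPLE = ('Nice post <script>alert(1)</script><b onclick="x()">bold</b> '
          '<a href="javascript:alert(1)">x</a>')


class CommentFilter(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # nesting depth inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip += 1
        elif tag in ALLOWED and not self.skip:
            kept = "".join(
                f' {k}="{escape(v, quote=True)}"' for k, v in attrs
                if k in ALLOWED[tag] and v and v.strip().lower().startswith(SAFE_SCHEMES)
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED and not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))


def filter_comment(body, capabilities):
    """Return the comment as it would be stored for an author with these capabilities."""
    if "unfiltered_html" in capabilities:
        return body  # trusted role: stored exactly as typed, script included
    parser = CommentFilter()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)
```

Reproducing the reported behaviour from an account without that capability is the check that separates the expected administrator case from a real stored-XSS bug.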