[wp-testers] WP 2.1.2 Bogus Self-XSS-Injection destroys Article /
Page
Tom Klingenberg
tklingenberg at lastflood.net
Tue Mar 20 19:43:01 GMT 2007
On Tue, 20 Mar 2007 17:44:13 +0100, Robin Adrianse <robin.adr at gmail.com>
wrote:
>
> I'm planning to attempt to see what you mean when I get around to it, but
> what do you mean...?
I mean that the adminpage becomes part of the code you edit in the Visual
or Code Editor. That's why I called it XSS since it destroys the valid
output of the script.
I'll do a clean install tomorrow and will validate again to have a
reproduceable version for everyone. Maybe you need some more code incl.
links as page before the code I've describben in my first post.
I can't tell if this is TinyMCE related or if it's wordpress related
because I only see it after pressing the save button.
so long,
Tom
More information about the wp-testers
mailing list