[wp-trac] [WordPress Trac] #4236: XSS in template header of the styles.css
WordPress Trac
wp-trac at lists.automattic.com
Tue May 8 12:44:39 GMT 2007
#4236: XSS in template header of the styles.css
----------------------------+-----------------------------------------------
Reporter: codein | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.4
Component: Administration | Version:
Severity: normal | Keywords: needs-patch,
----------------------------+-----------------------------------------------
Cross-site scripting is possible if someone places a line in the
template/style.css file.
The value of the template-metatags should be converted to HTML entities.
example (style.css):
{{{
Version: <script>alert(document.cookie);</script>1.6
}}}
I tested it with WP-Version 2.1.3.
--
Ticket URL: <http://trac.wordpress.org/ticket/4236>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
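
The mitigation the ticket asks for, as an added example that is not part of the original report and is not WordPress core code: header values read from style.css are treated as untrusted data and converted to HTML entities at output time. The function names and the sample stylesheet are constructed for illustration; only the Version line is taken from the ticket.

```php
<?php
// Added example; function names are hypothetical, not WordPress APIs.

// Constructed sample stylesheet; the Version line is the one from the ticket.
$style_css = <<<'CSS'
/*
Theme Name: Sample Theme
Version: <script>alert(document.cookie);</script>1.6
Author: Example Author
*/
body { margin: 0; }
CSS;

/**
 * Read "Key: value" header fields from a stylesheet's leading comment.
 * Values are returned raw: they are untrusted data from a file on disk.
 */
function example_read_theme_headers(string $css, array $fields): array
{
    $headers = [];
    foreach ($fields as $field) {
        $pattern = '/^[ \t\/*#@]*' . preg_quote($field, '/') . ':(.*)$/mi';
        $headers[$field] = preg_match($pattern, $css, $m) ? trim($m[1]) : '';
    }
    return $headers;
}

/** Before: header values concatenated into markup as-is (the reported behaviour). */
function example_render_unescaped(array $h): string
{
    return '<td>' . $h['Theme Name'] . ' ' . $h['Version'] . '</td>';
}

/** After: every header value converted to HTML entities where it is output. */
function example_render_escaped(array $h): string
{
    $esc = fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<td>' . $esc($h['Theme Name']) . ' ' . $esc($h['Version']) . '</td>';
}

$h = example_read_theme_headers($style_css, ['Theme Name', 'Version', 'Author']);
echo example_render_unescaped($h), "\n"; // markup from the file reaches the page
echo example_render_escaped($h), "\n";   // the same value rendered as inert text
```

Escaping at the point of output rather than at parse time keeps the raw value available for non-HTML uses such as version comparison.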