[wp-hackers] Reputed XSS issue with WordPress (templates.php)
ag.ml2007 at zirona.com
Tue Feb 13 17:08:53 GMT 2007
On Tue, 2007-02-13 at 17:44 +0100, Bas Bosman wrote:
> This can be triggered by users without the edit files capability. You just
> have to trick somebody with that capability to click that specially
> crafted link, by mailing a link or posting it in a comment for instance.
Maybe so, but doesn't this fall into the "social engineering" category?
With the same arguments, you could say that other managing actions which
are triggered by a GET request are vulnerable to XSS attacks.
Alex Günsche, Zirona OpenSource-Consulting
work: http://www.zirona.com/ | leisure: http://www.roggenrohl.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc