[wp-hackers] XSS Vulnerability reported by a french geek

Aaron Brazell abrazell at b5media.com
Tue May 29 15:49:08 GMT 2007


I still still still don't see this as an actual flaw. unfiltered_html
is a capability that an administrator should have. If the person has
administrative rights, well they can delete the whole blog. Is that
classified as a security risk too?
--
Aaron Brazell
Director of Technology, b5media
"A Global New Media Company"

www:: www.b5media.com
my www: www.technosailor.com
phone:: 410-608-6620
fax:: 416-849-0347
skype:: technosailor

Everything contained in this email is confidential and stuff.




On May 29, 2007, at 11:46 AM, Gali wrote:

> http://ar3av.free.fr/faillewordpress.php
> (27/05/2007)
>
> versions: 2.2 and previous versions.
>
> A site could lead a blog administrator to post a malicious JavaScript
> in comments, resulting in an open door to XSS.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
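The disagreement above is really about two separate things: the unfiltered_html capability itself (an administrator is trusted to post raw markup) and the way a third-party page can make the administrator's own browser submit that markup (CSRF). The following is an added example, not code from the original thread and not WordPress code: a constructed Python model of a comment endpoint in which users holding unfiltered_html bypass a kses-style tag filter, and in which the only thing that stops a cross-site form submission from becoming stored XSS is a per-user form token the attacker's page cannot read. The tag whitelist, the `kses_like` filter (which deliberately drops all attributes), the `Site`/`User` classes, the HMAC nonce and the sample payload are all hypothetical.

```python
"""Constructed model of the scenario in the thread: a user who holds the
unfiltered_html capability bypasses the comment sanitizer, so an attacker's
page that auto-submits the comment form in the logged-in admin's browser
(CSRF) turns that capability into stored XSS. Not WordPress code; every
name below is hypothetical."""
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical whitelist standing in for a kses-style allowed-tag list.
ALLOWED_TAGS = {"a", "b", "i", "em", "strong", "code", "blockquote", "p"}
TAG_RE = re.compile(r"<\s*(/?)\s*([a-zA-Z0-9]+)[^>]*>")


def kses_like(html: str) -> str:
    """Crude stand-in for wp_kses: keep whitelisted tags (with all attributes
    dropped, so href="javascript:..." and on* handlers go too), remove every
    other tag. Text content is left untouched."""
    def keep(m: re.Match) -> str:
        closing, tag = m.group(1), m.group(2).lower()
        return f"<{closing}{tag}>" if tag in ALLOWED_TAGS else ""
    return TAG_RE.sub(keep, html)


@dataclass
class User:
    name: str
    caps: frozenset


@dataclass
class Site:
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    comments: list = field(default_factory=list)
    require_nonce: bool = False  # hardened variant checks a per-user form token

    def nonce_for(self, user: User) -> str:
        """Per-user token embedded in the comment form served to that user.
        A page on another origin cannot read it, so it cannot forge the POST."""
        return hmac.new(self.secret, user.name.encode(), hashlib.sha256).hexdigest()[:16]

    def post_comment(self, user: User, body: str, nonce: Optional[str] = None) -> str:
        """Model of the comment endpoint. Returns the stored text, or a rejection."""
        if self.require_nonce and not hmac.compare_digest(self.nonce_for(user), nonce or ""):
            return "rejected: missing or bad nonce"
        # Holders of unfiltered_html are trusted to post raw markup; everyone else is filtered.
        stored = body if "unfiltered_html" in user.caps else kses_like(body)
        self.comments.append(stored)
        return stored


# Constructed payload: harmless markup wrapped around a script tag.
PAYLOAD = '<b>nice post</b><script>alert(document.cookie)</script>'


def csrf_attack(site: Site, victim: User) -> str:
    """Attacker's page auto-submits the comment form in the victim's browser.
    The browser attaches the victim's session cookie, but the attacker has no
    way to supply a valid nonce, so it sends none."""
    return site.post_comment(victim, PAYLOAD, nonce=None)


def demo() -> dict:
    admin = User("admin", frozenset({"unfiltered_html", "manage_options"}))
    reader = User("reader", frozenset())
    vulnerable = Site()                    # capability check only
    hardened = Site(require_nonce=True)    # capability check plus form token
    return {
        "admin_csrf_vulnerable": csrf_attack(vulnerable, admin),
        "reader_direct": vulnerable.post_comment(reader, PAYLOAD),
        "admin_csrf_hardened": csrf_attack(hardened, admin),
        "admin_legit_hardened": hardened.post_comment(
            admin, PAYLOAD, nonce=hardened.nonce_for(admin)),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Run it and the first case stores the script tag verbatim: the server did exactly what the capability allows, which is the point Aaron makes, yet the administrator never chose to post it. The reader's copy is filtered down to `<b>nice post</b>alert(document.cookie)`. With `require_nonce` on, the forged submission is rejected while the same administrator posting through the real form still gets raw HTML through, so the capability is kept and only the forced-request path is closed.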


