[wp-testers] XSS problem?

Stefano steagl at people.it
Sun Jan 28 10:45:09 GMT 2007


On Sun, 28 Jan 2007 05:30:48 -0500, Mark Jaquith
<mark.wordpress at txfx.net> wrote:

>On Jan 28, 2007, at 3:44 AM, Stefano wrote:
>
>> A user from WordPress Italy signaled to me that inserting some
>> JavaScript code into a comment, in his example a simple alert, this
>> alert will show up every time the page is accessed.
>>
>> This could be a serious vulnerability or not?
>
>It would be if regular commenters could do that.  He was likely
>(hopefully) signed in as an Administrator when he published the
>comment, which removes the strict HTML sanitization.

He says that happens even if not logged in: he sends a comment and, because I
ask to approve them all, the script passes too.... I can't check it
now because I'm not on my computer and I still have to update my online
blogs.

-- 

Stefano Aglietti - StallonIt on IRCnet - ICQ#: 2078431
Email: steve at 40annibuttati.it steagl at people.it
Sites: http://www.40annibuttati.it (personal blog)
       http://www.wordpress-it.it (WordPress Italia)
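To make concrete what the "strict HTML sanitization" in Mark's reply does to a comment carrying `<script>alert(...)</script>`, here is an added allowlist-based comment filter. It is example code written for this thread, not WordPress's own filtering code, and the tag and attribute lists it keeps are this example's choices. It drops `<script>`/`<style>` elements together with their contents, strips any attribute not on the allowlist (so `onclick`, `onerror` and the like never survive), rejects `javascript:` and other non-http link targets, escapes bare text, and closes tags the commenter left open so a comment cannot break the rest of the page:

```python
"""Allowlist-based sanitizer for blog comments (illustrative, not WordPress code).

The allowlist below is constructed for this example; a real deployment would
tune it to the markup it actually wants to permit in comments.
"""
from html import escape
from html.parser import HTMLParser

# Tags a comment may keep, mapped to the attributes that survive on each.
ALLOWED_TAGS = {
    "a": {"href", "title"},
    "b": set(), "strong": set(), "i": set(), "em": set(),
    "code": set(), "blockquote": {"cite"}, "p": set(), "br": set(),
}
VOID_TAGS = {"br"}
# Elements whose content is discarded along with the tag itself.
DROP_CONTENT = {"script", "style"}
# Only these URL prefixes are accepted in href/cite; javascript:, data:,
# vbscript: and friends fail this check and the attribute is removed.
SAFE_URL_PREFIXES = ("http://", "https://", "mailto:", "/", "#")


def _safe_url(value):
    return value.strip().lower().startswith(SAFE_URL_PREFIXES)


class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []        # rebuilt, sanitized fragments
        self.open = []       # stack of allowed tags currently open
        self.skip_depth = 0  # > 0 while inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return  # unknown tag is dropped; its inner text still flows through
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # event handlers, style, src... are never copied
            if name in ("href", "cite") and not _safe_url(value):
                continue
            kept.append(f' {name}="{escape(value, quote=True)}"')
        if tag in VOID_TAGS:
            self.out.append(f"<{tag}{''.join(kept)} />")
        else:
            self.out.append(f"<{tag}{''.join(kept)}>")
            self.open.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in self.open:
            return  # stray or disallowed closing tag: ignored
        # Close everything opened after this tag so the output stays balanced.
        while self.open:
            top = self.open.pop()
            self.out.append(f"</{top}>")
            if top == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            # Text is re-escaped, so "<" typed by the commenter stays literal.
            self.out.append(escape(data, quote=False))


def sanitize_comment(raw):
    """Return a sanitized HTML fragment for an untrusted comment body."""
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()
    # Close any allowed tags the commenter left open.
    for tag in reversed(parser.open):
        parser.out.append(f"</{tag}>")
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample: the kind of comment body described in the thread.
    print(sanitize_comment('Nice post <script>alert(1)</script>thanks'))
    print(sanitize_comment('<a href="javascript:alert(1)" onclick="x()">click</a>'))
```

Run against the thread's scenario, the script element disappears entirely and only the harmless text remains; a link with a `javascript:` target keeps its text but loses both the target and the handler attribute. The example does not model the moderation-queue path Stefano describes; it only shows what the filter itself removes when it is applied to a comment.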

