Bugtraq mailing list archives
Wordpress <= v2.1.0
From: ciri () virtuax be
Date: 5 Mar 2007 00:55:56 -0000
If you're logged in to WordPress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt