[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Wordpress <= v2.1.0

To: <ciri@xxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Wordpress <= v2.1.0
From: "McCarty, Eric C." <emccarty@xxxxxxxxxxx>
Date: Mon, 5 Mar 2007 14:25:07 -0800

2.0.2 Tested and Does not appear Vulnerable.

-----Original Message-----
From: ciri@xxxxxxxxxx [mailto:ciri@xxxxxxxxxx] 
Sent: Sunday, March 04, 2007 4:56 PM
To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Wordpress <= v2.1.0

If you're logged in into wordpress as an admin, your comments aren't
properly sanitized, thus allowing an XSS to be posted. This can be
exploited using XSRF techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt

References:
- Wordpress <= v2.1.0
  - From: ciri

Prev by Date: iDefense Security Advisory 03.05.07: Apple QuickTime Color Table ID Heap Corruption Vulnerability
Next by Date: Apple QuickTime Player Remote Heap Overflow
Previous by thread: Wordpress <= v2.1.0
Next by thread: Re: Wordpress <= v2.1.0
Index(es):
- Date
- Thread