Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: CVE-2007-1732: wordpress mt import XSS
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015
------- Additional Comments From ville.skytta(a)iki.fi 2007-04-09 04:23 EST -------
Just some general data points for consideration, I'm not necessarily disagreeing
with comment 1:
Missing/ineffective cross site request forgery preventation measures would
invalidate the "knowing/willing" assumption. But if I understand correctly,
Wordpress's admin UI has that protection.
Requiring authentication and willing interaction doesn't IMO make this a feature
if the goal was not to provide a possibility for injection of arbitrary markup
or scripts; it just affects the attack vectors.
--
Configure bugmail:
https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.