Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015
Summary: CVE-2007-1732: wordpress mt import XSS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: wordpress
AssignedTo: jwb@redhat.com
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1732
"** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: another researcher disputes this issue, stating that this is legitimate functionality for administrators. However, it has been patched by at least one vendor."
Posted for maintainer assessment whether this is a feature or a bug, and whether it affects current FE releases. FWIW, Gentoo has patched it.
jwb@redhat.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |NOTABUG
------- Additional Comments From jwb@redhat.com 2007-04-08 18:22 EST -------
This looks to me like a valid feature - it requires authentication and willing interaction on the part of the authenticated individual to exploit. I can't really call someone who knowingly and willingly uses such a feature a "victim". Although I can see where some would consider this a bug, I don't. If someone can point out a scheme whereby this would be a problem, I'm willing to be convinced otherwise, but until then, CLOSED-NOTABUG
------- Additional Comments From ville.skytta@iki.fi 2007-04-09 04:23 EST -------
Just some general data points for consideration, I'm not necessarily disagreeing with comment 1:
Missing/ineffective cross site request forgery prevention measures would invalidate the "knowing/willing" assumption. But if I understand correctly, WordPress's admin UI has that protection.
Requiring authentication and willing interaction doesn't IMO make this a feature if the goal was not to provide a possibility for injection of arbitrary markup or scripts; it just affects the attack vectors.