https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235015
Summary: CVE-2007-1732: wordpress mt import XSS
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: wordpress
AssignedTo: jwb(a)redhat.com
ReportedBy: ville.skytta(a)iki.fi
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-security-list(a)redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1732
"** DISPUTED ** Cross-site scripting (XSS) vulnerability in an mt import in
wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators
to inject arbitrary web script or HTML via the demo parameter. NOTE: the
provenance of this information is unknown; the details are obtained solely from
third party information. NOTE: another researcher disputes this issue, stating
that this is legitimate functionality for administrators. However, it has been
patched by at least one vendor."
Posted for maintainer assessment whether this is a feature or a bug, and whether
it affects current FE releases. FWIW, Gentoo has patched it.