[Bug 233703] New: CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities

[bugzilla at redhat.com]

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.




https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233703

           Summary: CVE-2007-1599, CVE-2007-1622: wordpress vulnerabilities
           Product: Fedora Extras
           Version: fc6
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: medium
         Component: wordpress
        AssignedTo: jwb at redhat.com
        ReportedBy: ville.skytta at iki.fi
         QAContact: extras-qa at fedoraproject.org
                CC: fedora-security-list at redhat.com


http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1599
"wp-login.php in WordPress allows remote attackers to redirect authenticated
users to other websites and potentially obtain sensitive information via the
redirect_to parameter."

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1622
"Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress
before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote
authenticated users with theme privileges to inject arbitrary web script or HTML
via the PATH_INFO in the administration interface, related to loose regular
expression processing of PHP_SELF."

-- 
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.