wordpress

2009-07-26

Page content

Author: Miklos Vajna
Vulnerable: 2.8.1-1anacreon1
Unaffected: 2.8.2-1anacreon1

A vulnerability has been reported in WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the comment author URL is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user’s browser session in context of an affected website when the malicious data is viewed.

Bug Tracker URL: http://bugs.frugalware.org/task/3873

CVEs:

No CVE references, see http://wordpress.org/development/2009/07/wordpress-2-8-2/