WordPress.org

Plugin Directory

Opened 5 years ago

Last modified 5 years ago

#1607 new defect

There is a Stored XSS flaw in the Title text box box while creating a POST

Reported by: adityabalapure Owned by: Wordpress
Priority: highest Severity: critical
Plugin: not-listed Keywords:
Cc:

Description

There is a reflective XSS flaw in the Title text box box while creating a POST

Attachments (3)

Screenshot.png (138.3 KB) - added by adityabalapure 5 years ago.
The script being injected into the title bar
Screenshot-1.png (399.3 KB) - added by adityabalapure 5 years ago.
The pop up we recive when a client views the post a script is executed from another site
Screenshot-2.png (171.0 KB) - added by adityabalapure 5 years ago.
This is presently the latest version of wordpress

Download all attachments as: .zip

Change History (4)

@adityabalapure5 years ago

The script being injected into the title bar

@adityabalapure5 years ago

The pop up we recive when a client views the post a script is executed from another site

@adityabalapure5 years ago

This is presently the latest version of wordpress

comment:1 @adityabalapure5 years ago

  • Summary changed from There is a reflective XSS flaw in the Title text box box while creating a POST to There is a Stored XSS flaw in the Title text box box while creating a POST
Note: See TracTickets for help on using tickets.