FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

wordpress -- cross-site scripting

Affected packages
de-wordpress < 2.3.1
wordpress < 2.3.1
0 < zh-wordpress

Details

VuXML ID a467d0f9-8875-11dc-b3ba-0016179b2dd5
Discovery 2007-10-29
Entry 2007-11-01

A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

[source]

References

CVE Name CVE-2007-5710
URL http://secunia.com/advisories/27407
URL http://wordpress.org/development/2007/10/wordpress-231/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.