WordPress 2.6.3 Vulnerable to XSS in RSS FG

Nov.26, 2008 in Disclosure, Pentesting, Vulnerabilities, Web Application

It has been reported here (but I first saw it here) that WordPress, a popular blogging application is vulnerable to cross-site scripting (XSS). The vulnerability, discovered in the RSS feed generator and complete with a PoC, affects all versions prior to and including version 2.6.3. A week after the vendor (WordPress) was notified, it released a new version (2.6.5).

Share, its free!

Welcome

This blog is about Security Monitoring & Auditing, Identity and Access Management, Web Application Security & Pentesting, Cyber Crime, Digital Forensics and everything in between - Too many? Are you kidding?!

Tags
Auditing Authentication Beautiful Thinking Biometrics Book Reviews Buffer Overflow Checklists Compromise Corporate Espionage Cross Site Scripting Cryptography Cyber-Crime Data Loss Digital Forensics Disclosure DRM Exploit Forensics Funny Hacked Identity Intrusion IT Law Linux Malware Music P2P Pentesting Privacy Secure Design Security Breach Security Education Security Management Security Monitoring Security Tools Virtualization Vulnerabilities
Archives
- April 2009 (5)
- March 2009 (12)
- February 2009 (7)
- December 2008 (11)
- November 2008 (24)
Calendar
August 2009

M T W T F S S

« Apr

1 2

3 4 5 6 7 8 9

10 11 12 13 14 15 16

17 18 19 20 21 22 23

24 25 26 27 28 29 30

31
Blogroll

The Security Eunoia

Blogging about Security Auditing, IdM & Access Mgmt, Web App Security etc