Home > Hacking, Informasi > WordPress Comment Author URI Cross-Site Scripting Vulnerability

WordPress Comment Author URI Cross-Site Scripting Vulnerability

Informasi

Bugtraq ID: 35755
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 21 2009 12:00AM
Updated: Jul 21 2009 12:00AM
Credit: WordPress
Vulnerable: WordPress WordPress (B2) 0.6.2 .1
WordPress WordPress (B2) 0.6.2
WordPress WordPress 2.8.1
WordPress WordPress 2.6.5
WordPress WordPress 2.6.2
WordPress WordPress 2.6.1
WordPress WordPress 2.5.1
WordPress WordPress 2.3.3
WordPress WordPress 2.3.2
WordPress WordPress 2.3.1
WordPress WordPress 2.2.3
WordPress WordPress 2.2.2
WordPress WordPress 2.2.1
WordPress WordPress 2.2.1
WordPress WordPress 2.1.3
WordPress WordPress 2.1.3
WordPress WordPress 2.1.2
WordPress WordPress 2.1.1
WordPress WordPress 2.0.11
WordPress WordPress 2.0.10
WordPress WordPress 2.0.7
WordPress WordPress 2.0.6
WordPress WordPress 2.0.5
WordPress WordPress 2.0.4
WordPress WordPress 2.0.3
WordPress WordPress 2.0.2
WordPress WordPress 2.0.1
WordPress WordPress 2.0
WordPress WordPress 1.5.2
WordPress WordPress 1.5.1 .3
WordPress WordPress 1.5.1 .2
WordPress WordPress 1.5.1
WordPress WordPress 1.5
WordPress WordPress 1.3.1
WordPress WordPress 1.2.2
WordPress WordPress 1.2.1
+ Gentoo Linux
WordPress WordPress 1.2
+ Gentoo Linux 1.4
+ Gentoo Linux
WordPress WordPress 0.71
WordPress WordPress 0.7
WordPress WordPress 2.8
WordPress WordPress 2.6
WordPress WordPress 2.5
WordPress WordPress 2.3
WordPress WordPress 2.2 Revision 5003
WordPress WordPress 2.2 Revision 5002
WordPress WordPress 2.2
WordPress WordPress 2.1.3-RC2
WordPress WordPress 2.1.3-RC1
WordPress WordPress 2.1
WordPress WordPress 2.0.10-RC2
WordPress WordPress 2.0.10-RC1
Gentoo Linux

Not Vulnerable: WordPress WordPress 2.8.2

Diskusi

WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress 2.8.2 are vulnerable.

Eksploit

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

Solusi
Upgrade ke WordPress 2.8.2

Sumber
securityfocus

  1. May 17th, 2010 at 13:09 | #1
    Using Mozilla Firefox Mozilla Firefox 3.6.3 on Windows Windows XP

    thank’s ya… infonya

  2. May 23rd, 2011 at 17:47 | #2
    Using Mozilla Firefox Mozilla Firefox 4.0.1 on Windows Windows 7

    untung udah tak update

  3. July 24th, 2011 at 23:59 | #3
    Using Mozilla Firefox Mozilla Firefox 5.0 on Windows Windows 7

    nambah pengetahuan gw nih ….

  1. No trackbacks yet.

*

Bad Behavior has blocked 796 access attempts in the last 7 days.