Date: Mon, 27 Apr 2015 21:08:44 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Cc: nacin@...dpress.org, Assign a CVE Identifier <cve-assign@...re.org>
Subject: Re: WordPress 4.2.1 security update - CVE please

Hi Kurt,

On Mon, Apr 27, 2015 at 12:47:58PM -0600, Kurt Seifried wrote:
> http://codex.wordpress.org/Version_4.2.1
>
> Version 4.2.1 addressed a security issue. For more information, see the
> release notes.
>
> From the announcement post, WordPress 4.2.1 fixes a critical cross-site
> scripting (XSS) vulnerability, which could enable commenters to
> compromise a site.

Had requested CVEs for this in
http://www.openwall.com/lists/oss-security/2015/04/26/2 .

But there is as well a different stored XSS reported
http://klikki.fi/adv/wordpress2.html which seems to affect as well the
latest wordpress versions (not verified myself).

Regards,
Salvatore