Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Nov 2008 13:58:16 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requset: WordPress XSS vulnerability in RSS
 Feed Generator


======================================================
Name: CVE-2008-5278
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5278
Reference: BUGTRAQ:20081125 WordPress XSS vulnerability in RSS Feed Generator
Reference: URL:http://www.securityfocus.com/archive/1/498652
Reference: CONFIRM:http://wordpress.org/development/2008/11/wordpress-265/

Cross-site scripting (XSS) vulnerability in the self_link function in
in the RSS Feed Generator (wp-includes/feed.php) for WordPress before
2.6.5 allows remote attackers to inject arbitrary web script or HTML
via the Host header (HTTP_HOST variable).


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.