Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Nov 2008 18:20:21 -0500 (EST)
From: "Steven M. Christey" <>
Subject: Re: CVE requset: WordPress XSS vulnerability in RSS
 Feed Generator

Name: CVE-2008-5278
Status: Candidate
Reference: BUGTRAQ:20081125 WordPress XSS vulnerability in RSS Feed Generator
Reference: URL:
Reference: CONFIRM:

Cross-site scripting (XSS) vulnerability in the self_link function in
in the RSS Feed Generator (wp-includes/feed.php) for WordPress before
2.6.5 allows remote attackers to inject arbitrary web script or HTML
via the Host header (HTTP_HOST variable).

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.