Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 18 Dec 2011 11:45:28 +0200
From: Henri Salo <>
Subject: CVE-request: WordPress advanced-text-widget XSS

Can I get CVE-identifier for this issue?

Original report:
Vendor report:
Fixed in 2.0.2
Vulnerable versions: 2.0.1 and all below
One example: advancedtext.php?page=
r466102 | maxchirkov | 2011-11-22 19:32:02 +0200 (Tue, 22 Nov 2011) | 2 lines

Committing version 2.0.2
- Updated all instances of $_GET method with esc_attr() to improve security.

- Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.