lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <9B3F8464-FDBD-49F1-9FC9-82A385FDC303@insecure.so>
Date: Mon, 27 Apr 2015 23:33:32 +0200
From: Winni Neessen <winni@...ecure.so>
To: Hanno Böck <hanno@...eck.de>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] WordPress 4.2 stored XSS

Am 27.04.2015 um 16:55 schrieb Hanno Böck <hanno@...eck.de>:

> As there is still no fix from upstream I created a quick'n'dirty fix
> for it:
> https://gist.github.com/hannob/a07f7b7e196c75c4c1a8
> https://files.hboeck.de/wordpress-4.2-emergency-fix-xss.diff
> 

Looks like the WP team published an official fix:
https://wordpress.org/news/2015/04/wordpress-4-2-1/ <https://wordpress.org/news/2015/04/wordpress-4-2-1/>

"A few hours ago, the WordPress team was made aware of a cross-site
scripting vulnerability, which could enable commenters to compromise a
site. The vulnerability was discovered by Jouko Pynnönen.“


Winni

Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ