Wordpress <= v2.1.0

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Wordpress <= v2.1.0
From: ciri@xxxxxxxxxx
Date: 5 Mar 2007 00:55:56 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

If you're logged in into wordpress as an admin, your comments aren't properly 
sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF 
techniques.

More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt

Follow-Ups:
- Re: Wordpress <= v2.1.0
  - From: vvitkov@xxxxxxxxxxxxx
- RE: Wordpress <= v2.1.0
  - From: McCarty, Eric C.

Prev by Date: XSS Remote In vCard 2.6 (c)2002
Next by Date: DoS and code execution issue in LedgerSMB < 1.1.5 and SQL-Ledger < 2.6.25
Previous by thread: XSS Remote In vCard 2.6 (c)2002
Next by thread: RE: Wordpress <= v2.1.0
Index(es):
- Date
- Thread